You can make a difference in the Apple Support Community!

When you sign up with your Apple Account, you can provide valuable feedback to other community members by upvoting helpful replies and User Tips.

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

Enable Screen Sharing from command line

I inadvertently removed screen sharing from my mac mini server firewall but I can still ssh into it. How can I enable either screen sharing or remote management via ARD?

Thanks so much,

J.

Dual 2Ghz Power Mac/2 Ghz Core Duo MacBook Pro, Mac OS X (10.4.10)

Posted on Feb 10, 2010 6:01 PM

Reply
10 replies

Feb 10, 2010 7:15 PM in response to Ebola

assuming you have ssh access to the remote machine, you can open up a vnc pipeline to it by tunneling vnc traffic (port 5900) over ssh.

here's a guide to setting up the tunnel.
http://www.mactech.com/articles/mactech/Vol.20/20.07/VNCOverSSH/index.html

then once you've created the tunnel, at the command line prompt in terminal, just type
$ vnc 127.0.0.1

"vnc" will launch "screen sharing" app, and the address 127.0.0.1 (port 5900 only) is now being piped over your ssh tunnel to the other machine.

This is a neat way to leave the vnc (screen sharing) ports closed on your firewall for added security, yet still be able to screen share with the remote computer as needed.

The key thing here is that the screen sharing port (5900) is closed at the fire wall, but you have left the screen sharing feature turned on in the services menu of system preferenced.

Feb 11, 2010 6:36 AM in response to Ebola

Hi

Remote Management (not Screen Sharing) is enabled by default on all Server Installs as is SSH. AFAIK unless you expressly turn it off you should be able to simply click the Share Screen option for the server on a client computer's SideBar.

As foilpan says ARD Agent is part of the OS. Even if you have turned it off kickstart via an ssh sesssion will/should get it going. If it's not working for some reason then there's something wrong elsewhere?

Tony

Feb 11, 2010 6:40 AM in response to cpragman

I eagerly tried this and was not able to connect with Screen Sharing. Chicken of the VNC worked fine. Screen Sharing to 127.0.0.1:5900 gave me this error:

A computer cannot connect to itself and share its screen.

Anyway, thank you so much for the help. This is a great way to connect to my server.

J.

Feb 11, 2010 6:45 AM in response to Ebola

Hi

I struggling to understand why you would use the loopback address? Are you trying to vnc to the server on itself by any chance? There are other ways of doing this beyond the Sidebar option. Select Connect to Server from the Go Menu and key in:

vnc://IPaddressofyourserver

There's no need to specify the port number. You could even use a web browser to achieve the same result. Key in exactly as above in the url field and you'll see the VNC authentication prompt window.

Tony

Feb 11, 2010 7:11 PM in response to Antonio Rocco

Sorry for the imperfect instructions, I was doing it from memory.

First, set up secure ssh credentials by doing the public/private RSA key exchange.
Based on someone else's suggestion I found on the web, I created an "alias" command in my .tcshrc file. I just launch a terminal session and use my alias I've created, followed by my ssh credentials on the remote machine, and the alias/script does the rest.

Begin fragmment from my .tcshrc....
echo " myvnc ACCOUNTNAME = connect to ACCOUNTNAME via VNC"
alias myvnc 'ssh -f -L 1202:localhost:5900 \!:1 sleep 10 ; open vnc://localhost:1202'
... End fragment.


So when I want to vnc I just type

$ myvnc username@mycompany.dyndns.org

In fact, after a while, I got tired of reading all the server logs of people trying to hack my server over port 22 (ssh standard port). Once you have the alias command above working for you, you can pick a different port on your server's firewall, and forward it to port 22 inside the firewall. That way, hackers that scan your port 22 won't get any response.
Once you do this, you can revise the alias in your .tcshrc to also include the "-p" ssh argument, so hep save you the trouble of remembering the ssh port you have moved your server conversation to. For example, it you decided to close port 22 at the firewall, and forward port 2222 (just an arbitrary number I picked) to your server's port 22 inside the fire wall, your alias line would look like this...

alias myvnc 'ssh -p 2222 -f -L 1202:localhost:5900 \!:1 sleep 10 ; open vnc://localhost:1202'

Enable Screen Sharing from command line

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.