Can't Connect to Remote Mac Using SSH and Chicken of the VNC

Hello,

I've configured my office iMac (remote) for SSH login, and am able to open a connection through Terminal, but when I try to connect with Chicken of the VNC (with the Terminal connection open), I get the following error message:

"channel 3: open failed: administratively prohibited: open failed"

What am I doing wrong? Any advice would be most appreciated.

Flat-panel iMac, iBook G4, Mac OS X (10.4.9), HP Laserwriter, Edirol PCR-30

Posted on Apr 17, 2007 6:30 AM

23 replies

Apr 19, 2007 6:45 AM in response to dotnet

The derivation of port number from display could be redundant, I suppose, but in my particular situations/installations, on home computer and work computer and on my laptop too, my display number is ALWAYS grayed out and cannot be changed from the display field, when I use those computers as the local client. The only way I can make that field update is by specifying the port number as part of CotVNC's host address. I've got a 2001 Quicksilver at home, a 2002 Quicksilver at work, and a Powerbook G4 laptop that came out right before the Intels were available in the stores, all running 10.4.9. Interesting that you are able to specify port number via the display field and I can't.

Never realized that "right-justification" "feature" of IP addresses before (127.1 = 127.0.0.1). I would have thought that unix's syntax would have been way too picky to allow that!

That said, sounds like Gregory's home computer is okay, wouldn't you agree? I'm thinking we should verify Gregory's iMac now, starting with what checkboxes are checked in System Preferences > Sharing > Firewall tab (even the grayed-out ones that are configured from the Services tab). So Gregory, on your iMac at work, please verify what services you have made available (checkboxes checked) from your work's iMac via the Firewall panel?

Also, Gregory, is that iBook G4 that you list in your profile your home computer? Would you be able to take it into work with you one day next week and try to affiliate to the work's subnet and make a (non-tunneled, unencrypted) VNC connection directly to your iMac (iBook cotVNC host address = {IPaddressOfYourIMAC} and display = 0)?

Apr 19, 2007 2:28 PM in response to j.v.

Hello j.v.

There's a few things I can tell you about my remote iMac's settings, although I'm not sure if they're relevant. First, I can in fact connect to it with Apple's Remote Desktop software. Secondly, under Ethernet>Proxies of the Network preferences, I have Use Passive FTP Mode (PASV) enabled because I used to have trouble with Interarchy. Thirdly, I have opened some custom ports in the Firewall under the Sharing preferences; two are for FileMaker Pro, and one is for FTP. The latter uses TCP ports 20-21 and 1024-65535. I did that because I was programming an online experiment for my students.

The services I have checked under the Firewall pane are Personal File Sharing; Personal Web Sharing; Remote Login SSH; FTP Access; Remote Desktop; Network Time; FileMaker Web Companion; FileMaker Multi-User; and the custom setting for FTP that I mentioned above.

Not sure what you mean here, j.v.: "...try to affiliate to the work's subnet and make a (non-tunneled, unencrypted) VNC connection directly to your iMac (iBook cotVNC host address = {IPaddressOfYourIMAC} and display = 0)" But, yes, I can take my iBook to work and mess around with it there.

Apr 19, 2007 9:41 PM in response to Gregory Lypny

Hey Gregory:

I notice that you don't report an independent entry for VNC in your (Sys Prefs Sharing Firewall) list. I talked about that in my first post at step 3:

3. System Preferences > Firewall: VNC checkbox is checked
(a) If you don't have a "VNC" entry in the list, click on "New" and make one. It is a "pre-canned" option in "New" that already defines the ports that will be opened in your computer's firewall.


This is in addition to the ARD entry that I talked about in step 1 of that post.

Now, at least currently in my ARD entry, it says it has ports 3283 and 5900 open, so one might argue why would one need to specify 5900 again in a VNC entry. I don't know, all I know is if I don't specify port 5900 in an independent VNC entry, it doesn't work. I can't explain it. It just doesn't work.

Similarly, one might also argue that you don't need to enable Remote Desktop because the ports are opened under your custom 1024-65535 thing, right? So, one could ask what happens with Remote Desktop if you uncheck Remote Desktop but leave the customized thing enabled? Can you still remote desktop?

Or, one could say that since you have Remote Desktop enabled even though you have the customized thing open that includes the same ports, why not make a (redundant) independent VNC entry, too?

So if you do not have a separate VNC entry in addition to your current Remote Desktop entry, I would say let's see what happens if you add one. If you do have to add a specific VNC entry to your iMac's Firewall Panel, when you click on "New," it is a choosable option under the "Port Name" pulldown menu and will autofill the TCP and UDP port information for you.

So, try adding an independent VNC entry in the iMac's firewall panel and let's see what happens, okay?


(If you find that my post solves your problem, or is actually helpful towards arriving at a solution to your problem, please consider clicking on either the "helpful" or "solved" buttons in the header of my post. Thank you.)

Apr 20, 2007 8:47 AM in response to j.v.

Hello j.v.,

Once again, thank you for your help and patience.

I opened a VNC port in the Firewall pane as you suggested. Still no go.

As before, in Terminal I can open a connection successfully using

ssh -L 5901:127.0.0.1:5900 myShortName@remoteIP

I know that is working because I get the response, "Welcome to Darwin!" followed by a prompt with my remote domain name and short account name.

In Chicken, I enter

Host: 127.0.0.1:5901
Display: 1
Password: myPassword

where, Password refers to the password that I entered in the ARD pane of Sharing preferences on my remote iMac.

When I click Connect in Chicken, I get the following message

"Please configure Apple Remote Desktop to allow VNC Viewers to control the screen.
Unknown authType 30,31,32"
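
An added example, not part of the original thread and not code from Chicken of the VNC or Apple: a Python check that performs the opening RFB handshake through the local end of the SSH tunnel and lists the security types the server offers, which is what the "Unknown authType 30,31,32" message above is reporting. The default port 5901 comes from the ssh command in the post; the function names are hypothetical, and a classic VNC viewer is assumed to need type 2 (VNC Authentication, RFC 6143).

```python
import socket
import struct

def parse_banner(data):
    """Parse the 12-byte ProtocolVersion banner, e.g. b'RFB 003.008\\n'."""
    if len(data) != 12 or data[:4] != b"RFB " or data[7:8] != b"." or data[11:] != b"\n":
        raise ValueError("not an RFB banner: %r" % data)
    return int(data[4:7].decode("ascii")), int(data[8:11].decode("ascii"))

def parse_security_types(data):
    """Parse the RFB 3.7+ security message: a count byte, then one byte per type."""
    if not data or data[0] == 0:
        raise ValueError("server offered no security types")
    if len(data) < 1 + data[0]:
        raise ValueError("truncated security-type list")
    return list(data[1:1 + data[0]])

def diagnose(types):
    """Say whether a password-based VNC viewer can authenticate with these types."""
    if 1 in types:  # type 1 = None: the screen is reachable with no password
        return "warning: server allows connections with no authentication"
    if 2 in types:  # type 2 = VNC Authentication (password challenge)
        return "ok: VNC password authentication is offered"
    listed = ",".join(str(t) for t in types)
    return "blocked: only types %s offered, no VNC password authentication" % listed

def _read(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("connection closed during handshake")
        buf += chunk
    return buf

def probe(host="127.0.0.1", port=5901, timeout=5.0):
    """Handshake through the local tunnel endpoint; return (version, types)."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        version = parse_banner(_read(s, 12))
        # Reply with the highest standard version we speak (3.3, 3.7 or 3.8).
        minor = 3 if version < (3, 7) else min(version[1], 8)
        s.sendall(b"RFB 003.%03d\n" % minor)
        if minor == 3:  # RFB 3.3: the server picks one type, sent as a uint32
            return version, [struct.unpack(">I", _read(s, 4))[0]]
        count = _read(s, 1)
        return version, parse_security_types(count + _read(s, count[0]))

if __name__ == "__main__":
    print(diagnose(probe()[1]))
```

Run it with the ssh session still open; a connection error here points at the tunnel, while a "blocked" result points at the server's sharing settings rather than at the viewer.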

Apr 20, 2007 9:49 AM in response to Gregory Lypny

Not a problem with the help. I had some issues when I first was setting this up on my work and home and "on-the-road" computers and people on this forum helped me out, so it's my turn to "pass the torch." Hopefully, I won't drop the torch and burn the house down, and we'll have a happy ending here...

So let's verify some more settings on your iMac.

Refer to my first post step 2 for the "Server" (your iMac) computer:
2. System Preferences > Services > Apple Remote Desktop highlighted: click on "Access Privileges"
(a) upper half of Access Privileges configuration window: configure as desired
(b) lower half of Access Privileges configuration window: "VNC viewers may control screen with password" checkbox is checked and password is set


So, on your iMac, go into system preferences, click on sharing, and click on the services tab. Single click on Apple Remote Desktop so it is highlighted (make sure you haven't accidentally unchecked the checkbox for it when you do that).

Now, to the lower right of the scrollable "Services" menu with the checkboxes in it, do you see that button that just appeared that says "Access Privileges..."? Click on it. You get a new window. The top half has a list of user accounts on your iMac with a bunch of checkboxes to the left of it that you can check or uncheck to allow or disallow whatever you want each user to be able to do. (That's my step 2a part). On the bottom half of that window (my step 2b), there are two lines of text, each with a checkbox, that says:
⎔ Guests may request permission to control screen
☑VNC viewers may control screen with password ▭
Is that second box checked? It should be.
The password that you entered in your home computer's CotVNC for this work connection is the password that goes in the box to the right of the "☑VNC viewers may control screen with password" (myPassword)

Lemme know if all this stuff checks out and we'll try to figure out where to go from there. If it all does, I'm wondering, on your home computer, is the CotVNC password saved in your keychain? Might there have been a typo entering it there? Might it be worthwhile to delete it from your keychain and try manual password entry for one or two times? Might there have been a typo back in your iMac's "☑VNC viewers may control screen with password ▭" (the shadowed password display "•••••••••" is always so helpful in situations like these -- NOT)? But...one thing at a time....


(If you find that my post solves your problem, or is actually helpful towards arriving at a solution to your problem, please consider clicking on either the "helpful" or "solved" buttons in the header of my post. Thank you.)

Apr 21, 2007 8:21 AM in response to j.v.

Hello j.v.,

"On the bottom half of that window (my step 2b), there are two lines of text, each with a checkbox, that says:
⎔ Guests may request permission to control screen
☑VNC viewers may control screen with password ▭
Is that second box checked? It should be.
The password that you entered in your home computer's CotVNC for this work connection is the password that goes in the box to the right of the "☑VNC viewers may control screen with password" (myPassword)"

Yes, this is exactly what I have, and I am using the password I entered here for Chicken.

"Lemme know if all this stuff checks out and we'll try to figure out where to go from there. If it all does, I'm wondering, on your home computer, is the CotVNC password saved in your keychain? Might there have been a typo entering it there? Might it be worthwhile to delete it from your keychain and try manual password entry for one or two times? Might there have been a typo back in your iMac's "☑VNC viewers may control screen with password ▭" (the shadowed password display "•••••••••" is always so helpful in situations like these -- NOT)? But...one thing at a time...."

Here too. I never save settings to my Keychain until I get new software working properly. I chose a simple password to minimize typo problems.

It's a tricky one, eh?

Flat-panel iMac, iBook G4 Mac OS X (10.4.9) HP Laserwriter, Edirol PCR-30

Apr 21, 2007 10:46 AM in response to Gregory Lypny

Tricky? Uhhhh, yeah! Very perplexing....

You seem to have a lot of services open -- I'm wondering might there be a conflict. Two things I would suggest trying would be (1) turn off (temporarily) all services but ssh and ARD-enabled VNC, as in shut down those services on the firewall and making sure that your programs like FileMaker, etc., aren't running as faceless daemons in the background, and (2) try setting this up in the reverse direction with your iMac as the local VNC client connecting to your Powerbook as the VNC server.

A couple of other things -- you don't have any copies of Apple Remote Desktop client installed and/or running anywhere, do you (other than the "OEM" configuration of ARD in the firewall settings of your system preferences' sharing stuff)? I don't have ARD client (it's like big buck$ so I find CotVNC's quite adequate on a feature-to-cost ratio basis), but I'm wondering that since ARD client is, as I understand it, VNC-like, whether there might be some sort of conflict going on with that and CotVNC. There wouldn't be some esoteric setting in VNC about a password to control the screen or something like that, that is somehow, through some configuration file buried in the bowels of your computers, conflicting with what you are trying to do here? Seems unlikely, but, right now it sounds like your ssh/ARD-enabled-VNC config is identical to both instances of mine so I'm really perplexed as to why mine work and yours don't.

I had asked earlier about when your iBook is inside your work's firewall, and you said that when you connected VNC to your iBook specifying the iMac's IP address as the CotVNC host address, that that worked okay, right? While inside the firewall, and setting up a ssh tunnel, you still crash and burn, right?

Also, since you have personal file sharing enabled on your iMac, are you (as I successfully do) tunneling that in ssh so you can securely afp-mount your iMac on your iBook? I do that with a -L 5480:localhost:548 port tunneling directive in my ssh login command, and then in the Finder, I ⌘k to afp-mount localhost:5480. Does that work for you? I'm just trying to see if other services seem to be tunneling okay for you.
