This procedure will allow you to set up your on-campus Apple computer to be controlled remotely from an Apple or Windows computer running Virtual Network Computing software (VNC). Because of some security limitations of this software, this procedure will also configure a “secure” tunnel between your off-campus and on-campus computers. Note: If you are accessing the on-campus Mac via a Windows computer, you will need to install some third party software to accomplish this.
- You must be running OS X 10.7 or above on the on-campus Apple computer, and have administrator level access to the computer.
- If you intend on using a remote (off-campus) Windows computer to control your on-campus Apple computer, you will need to have administrative privileges (the ability to install software) on that computer as well (a remote Apple computer will not require Administrative rights or permissions).
ALL accounts for users on the Mac computer that will be allowed remote control access must have a STRONG password set. Once the attached remote access setup is complete, this computer will be exposed to the global Internet and will very likely be probed several times per hour for password weaknesses by automated attackers from all over the world.
This password for each remote access enabled user account must meet the DePaul minimum password complexity guidelines of being made up of at least 12 characters, including at least one digit (0-9), and at least one of the following ‘special’ characters: ! @ # $ * ( ) - _ ; : / ? . , However, the longer and more complex the password is, the less likely it will be easily ‘guessed’ or ‘cracked’ by a remote attacker.
Passwords for user accounts can be set from the “Users & Groups” System Preferences panel (Apple menu -> Users & Groups -> Select each user account, and click “Change Password”). You may need to “unlock” the System Preference panel in order to change the password of you or other user accounts.
Setting Up Your Mac For Remote Control
In the following section, we will set up your on-campus mac to accept secure connections for remote control from your home or off-campus computer, adjust power settings, and engage the Mac’s on-board firewall. There are a number of steps we’ll need to complete, but this procedure will only need to be completed once.
- Begin by accessing the "System Preferences" panel from the "Apple" menu in the upper left-hand corner of you screen.
- Select the “Sharing” object, which will open the “Sharing” panel.
- Select “Remote Logon" from the list of available services on the lower left-hand side of the “Sharing” panel. Place a check box in the “On” column, then click “Only these Users”, and select the “+” button.
- On the user selection sub-panel that appears, select the user accounts you will want to allow to remotely control this computer. NOTE that a STRONG PASSWORD must already be configured for this account as outlined in the prerequisites above. If a strong password has not yet been configured click "Cancel" and update the password from the “Users & Groups” Preference panel. Otherwise, select the desired user account, and click “Select”. You will be returned to the "Sharing" panel.
- Next, click on the check box for “Remote Management”, and similarly, select “Only these users”, using the “User selector” to add authorized users to the list of allowed users. As you add users, you will have some control over what level of access each user will have over this computer. These settings only apply to users of Apple Remote Desktop (pay for license) software, and as such, can largely be ignored at this point. Select the “Observe”, and “Control” check boxes for now, and click “OK”. You will once again, be returned to the "Sharing" panel.
- With "Remote Management" still selected, click the “Computer Settings” button above the “Allow access for” section of the "Sharing" panel.
- In the sub-panel that appears, select “Show Remote Management status in the menu bar”, and “VNC viewers may control screen with password”. In the password field, you’ll need to enter a second strong password (preferably not the same as your login password) that is also complex and difficult to guess. You will be limited to only using 8 characters for this password. Then click “OK”.
- As a last step, once back in the "Sharing" preferences pane, click the “back” button (upper left-hand corner of the panel) to return to the main "System Preferences" panel. Click “Security & Privacy”
- On the "Security & Privacy" panel, click the “Firewall” tab, then click “Turn on Firewall”. Note: While we’re in the "Security & Privacy" panel, you should take the opportunity to configure your computer to lock and require a password once the screen saver enagages, so your computer isn’t sitting open to anyone who could gain physical access to it. Do so in the “General” tab of this panel.
- Next, go “back” to return to the "System Preferences" panel, and select “Network”. In the Network Preferences pane, note the active ethernet network interface (this should have a green indicator light) and the IP Address associated with that interface. This will be a numeric series of digits separated by periods such as 140.192.XXX.XXX. Take note of this number, as you will need it later when you want to actually access this computer.
- Last, we’re going to need to make one last change that will prevent this computer from going to sleep so you will be able to access it remotely from off-campus. From the main "System Preferences" panel, click “Energy Saver”. On the "Energy Saver" page, click the check boxes for “Put hard disks to sleep when possible, "Startup automatically after a power failure", and “Wake for Network Access”. Then drag the “Computer Sleep” time slider all the way over to “Never”.
- You can now close the System Preferences panel – your on-campus computer is now ready to be remotely controlled.
Setting Up A Remote (off-campus) Mac to Remotely Control Your DePaul Campus Mac
The following instructions will guide you through the process of configuring a second, off-campus Mac computer to remotely control your on-campus Mac computer. All instructions are to be executed on the remote (off-campus) Mac. (Steps for enabling remote control from a Windows computer are detailed below)
Prerequisites: You will need the IP address of the computer you gathered in step 10 above.
- Begin by opening the "Terminal" application from the Applications folder. You can navigate to it directly (/Applications/Utilities/Terminal), or you can search for it using Spotlight (the search menu identified by the magnifying glass in the upper right-hand corner of your screen).
When Terminal opens, you will be presented with a command line interface. Enter the following command (*you can copy/paste but note the IP ADDRESS where you will need to enter the REAL IP ADDRESS of your on-campus computer you gathered in Part 1/Step 11)
ssh –L 5901:xxx.xxx.xxx.xxx:5900 email@example.com -p 22
where: xxx.xxx.xxx.xxx is the IP address of your on-campus computer, and ‘username’ is the username of your user account on the on-campus Apple computer.
For instance, if my username is jdoe123, and the address of my computer at DePaul is 220.127.116.116, the command line I would put into Terminal would be:
Once a connection is established, you will be presented with a password prompt inside the terminal window. Enter the password you use to log into the on-campus computer. Once you have successfully logged in, you will be presented with a remote terminal shell on that computer. Leave the terminal window open for the duration of your remote control session.
From the Finder’s "Go" menu, select “Connect to Server”
In the "Connect to Server" dialog box that appears, enter: vnc://localhost:5901 Then click “connect”.
You will be once again prompted for your username and password for the on-campus Mac. Enter it as prompted, and click “Connect”.
You will be presented with a new window showing the current desktop of your on-campus Mac. When you have completed your work session, close the window using the (red) close window command button in the upper left-hand corner of the window, then type exit or close the Terminal window / Quit the Terminal application you opened in Step 1.
Setting Up A Remote (off-campus) Windows Computer to Remotely Control Your DePaul Campus Mac
The following instructions will guide you through the process of configuring off-campus Windows computer to remotely control your on-campus Mac computer. All instructions are to be executed on the remote (off-campus) Windows PC.
Prerequisites: You will need the IP address of the computer you gathered in Part 1, Step 11.
You will need to download PuTTY (a terminal emulation software) from here
You will also need to download
and install a VNC client. Note, when you come to the screen to select which components to install, ONLY install the viewer.
Once you have both software components installed, you will can now perform the two-step process to connect to your on-campus Mac computer:
- Start PuTTY, and in the initial PuTTy window, brose in the left-hand pane to the “Connection” settings, then to SSH. Place a checkbox under “Enable Compression”.
- Next, in the left-hand pane, under "Connection/SSH", select “Tunnels”, and enter “5901” in the “Source Port” field, “the IP address of your on-campus computer (obtained in Part1 – Step 10), and click “Add".
- Next, in the left-hand pane, scroll up to “Session” and again place the IP address of your on-campus computer in the “Host Name (or IP Address)" field, enter “22” into the “Port” field, and enter a description for this connection (so you can use it again without having to enter each of these steps) into the “Saved Sessions” dialog box. Then click “Save”.
- You can now click “Open" to initiate a new connection to your on-campus computer. Enter your username and password (for your on-campus computer) when prompted. Once connected, you will be presented with a command line interface on your computer. You can minimize this window, but DO NOT CLOSE IT for the duration of your remote control session.
- Next (almost there), start your VNC client. At the main VNC connection screen, enter “localhost:5901” into the “VNC Server” field, and under encryption, leave the “Let VNC choose” option selected in the dialog box. This option is for using encryption built into VNC’s (paid for) server software.) Next, click “Connect”
- You will likely be issued an “Unencrypted Connection” warning – this is ok, and you may ignore this warning, since your connection is actually protected by the SSH tunnel you set up using proxy earlier in step 1 of this configuration (VNC cannot determine that this connection has actually been protected, hence the warning).
- You can now log in and use your Mac computer remotely. When you are done with your session, simply close the VNC window, and in the PuTTY window you minimized (or otherwise left open earlier), simply type “exit” or close the window. This closes out all connections to your on-campus computer.