Comments on: ISP-In-A-Box: The $500 Mac mini (Chapter XIV: Remote Access and Remote Control)

By: Jason SJOBECK

Jason SJOBECK — Sat, 24 Dec 2005 08:05:58 +0000

I know you refer to some folks using an SSH tunnel as a possibility, but, really, this ought to be the defacto procedure, it really ought to be required. FUGU is easy enough to use for tunneling SSH.

Keep up the great writing.

Peace. Love. FreeBSD.

Jason

By: patrick

patrick — Fri, 25 Feb 2005 13:45:13 +0000

Why on earth do you advocate to switch to root to open a ssh session? That is really not neccesary. Also ssh 111.111.111.111 should be ssh username@111.111.111.111

[WM: Our subject matter has been managing your Mac as a server so root access is usually necessary. As for syntax, yours obviously works but, like everything else in Unix, there are multiple ways to do just about everything. I used your recommended syntax in explaining scp to show another approach, but feel free to use whatever syntax you’re most comfortable with.]

By: Filip Machi

Filip Machi — Thu, 24 Feb 2005 19:33:05 +0000

I’m curious about your [since retracted] statement that "VNC is a secure, encrypted protocol." The VNC web site itself says that it isn’t:

"Once you are connected, however, traffic between the viewer and the server is unencrypted, and could be snooped by someone with access to the intervening network."

http://www.uk.research.att.com/archive/vnc/sshvnc.html

Which is it?

[WM: You are correct. Too much time alternating between pcAnyWhere and VNC. 50 lashes to me! Boy, that crow tastes good!]

By: Larry

Larry — Thu, 24 Feb 2005 03:21:14 +0000

If you are going to be security conscious why are you letting VNC through your hardware firewall? You already have a secure hole opened for ssh. Why not take advantage of that and forward the VNC traffic over ssh? Being lazy and not wanting to screw with the bizarre command line arguments I use an excellent little utility SSHTunnelManager. You can use it to set up your tunnels on both ends of the connection. I forward traffic from my Mac at home using M$ Remote Desktop Connection via SSHTunnelManager to my Mac server at work and from there it is forwarded to different WinBlows boxes. Nice, safe, and secure. And if you are using WinBlows boxes you can do the same thing with Putty. [WM: Your approach is a good one. VNC is secure only in passing your password. For more on the process, see the next comment.]

By: Jonathan

Jonathan — Wed, 23 Feb 2005 19:32:31 +0000

Read your nice little writeup on Remote Control of a mac mini. I couldn't help but notice that you are recommending that people use the ARD 2.1 client for the VNC Server. As the maintainer of OSXvnc I was curious if you were aware of our free vnc server for OSX but chose to recommend ARD instead. I'm hopeful of the day when ARD becomes a great VNC server, but IMHO totally unbiased of course - they aren't quite there yet. OSXvnc works on 10.1 and 10.2 not that many Mini's will be running that . OSXvnc also supports pasteboard access which the ARD server client lacks. And we dodge the whole nomenclature problem by calling our server a server not a client. Anyhow if you weren't aware of it you should checkout http://www.redstonesoftware.com/vnc/ If you were, I would be happy to hear about the reasons for your preferences for ARD. Thanks for listening, Jonathan Gillaspie [WM: I was aware of OSXvnc and liked it very much. In fact, I had intended to include it until the article kept getting longer, and longer, and longer. There was nothing at all wrong with OSXvnc, but my primary focus was the Mac mini with its included OS X 10.3, and Apple's server (aka ARD 2.1 client) just happened to be part of that bundle. So, the bottom line is that there are two great VNC server solutions: one from Apple (which they call a client) and another from Redstone Software (which you call a server). Both work great, and I made a choice based upon nothing more than editorial space constraints. Thanks for writing.]

By: tim

tim — Wed, 23 Feb 2005 15:38:18 +0000

What about VPNs? [WM: The focus of today's article was remote access tools to let you connect to your Mac from afar and use it or manage it. The tools identified are more suitable for this purpose. There is a place for VPNs, but this wasn't it. I'm also a firm believer that VPN servers should be handled by separate hardware because of the computational resources required. There are perfectly good VPN solutions included in some home/small business firewalls such the offerings from Netgear. Even VPN clients, however, get complicated in a hurry, and we felt that topic deserved separate treatment ... but we will get to it. Thx.]