I manage our MAC OS X server on a Windows XP machine from a command shell from ssh.com. I can do 98% of my task from the command line, however sometimes I need to use the MAC GUI. I have OSXVNC running on the OS X and Real VNC running on my Windows box.
For our staging server, there is no real security concerns running VNC because the box is inside of our network and can not receive outside traffic. However for our production Web Server, I don’t think it’s a good idea to have VNC running even if you change the default port. For one reason OSXVNC only does 1 part authentication, I.E. you are only challenged with a password, not a user name. Instead of running down to the server room everytime I have to use the MAC GUI, I instead have came up with this nice little tip.
I start VNC server from the command line in my shell client specifing an encrypted password file, log on to VNC, do my buisness, and then kill the VNC server thread. In security theory it goes like this: – I create a locked door on the fly, open it up (keeping it locked behind me), then destroy the door when I am done. This is how to do it.
- OSCVnc creates a directory when installed named: /OSXvnc.app/
- Inside /OSXvnc.app/ there is a utility named: storepassword
- Run this command to create your encrypted file with your password in it:
#./storepassword yourpassword yourfilename
To start OSXVnc by command line:
- Go inside the Application directory(OSXvnc.app) and launch the OSXvnc-server process.
- To change parameters you will need to give it arguments (-rfbport to set port, -rfbauth to specify a password file, etc). For usage run the command with -help. For example:
# ./OSXvnc-server -rfbauth yourfilename
This starts the OSXvnc server with your encrypted password file
Now, start your RealVNC client on your windows machine. You will be asked to autheticate. Once you are done with the MAC GUI, close RealVNC, go back to your command shell and hit: “Ctrl + X” to kill the VNC thread. This is a nice way to not worry about running VNC all the time on your production boxes exposed to the world.
It’s very good article. Great site with very good look and perfect information…I like it
The standard way of doing this is through a ssh tunnel, which is a lot more
secure than this suggestion of creating a temporary open door.
Your right, although I believe the VNC password is hashed went sent over the line. Here is a tutorial to best explain getting SSH to work on Windows with VNC. http://www.trekweb.com/~jasonb/articles/vnc_ssh.shtml
You saved my day! I couldm’t connect to a remote server and even vpn was down.
With your procedure and some tricks I managed to reconnect to the server!
Thank you a lot
Marco
This is certainly nice write, My goal is to shaire the item for our frinds.
Thank you for sharing the post! I look forward to seeing more updates! instagram online