I manage our MAC OS X server on a Windows XP machine from a command shell from ssh.com. I can do 98% of my task from the command line, however sometimes I need to use the MAC GUI. I have OSXVNC running on the OS X and Real VNC running on my Windows box.
For our staging server, there is no real security concerns running VNC because the box is inside of our network and can not receive outside traffic. However for our production Web Server, I don’t think it’s a good idea to have VNC running even if you change the default port. For one reason OSXVNC only does 1 part authentication, I.E. you are only challenged with a password, not a user name. Instead of running down to the server room everytime I have to use the MAC GUI, I instead have came up with this nice little tip.
I start VNC server from the command line in my shell client specifing an encrypted password file, log on to VNC, do my buisness, and then kill the VNC server thread. In security theory it goes like this: – I create a locked door on the fly, open it up (keeping it locked behind me), then destroy the door when I am done. This is how to do it.
– Inside /OSXvnc.app/ there is a utility named: storepassword
– Run this command to create your encrypted file with your password in it:
#./storepassword yourpassword yourfilename
To start OSXVnc by command line:
– Go inside the Application directory(OSXvnc.app) and launch the OSXvnc-server process.
– To change parameters you will need to give it arguments (-rfbport to set port, -rfbauth to specify a password file, etc). For usage run the command with -help. For example:
# ./OSXvnc-server -rfbauth yourfilename
This starts the OSXvnc server with your encrypted password file
Now, start your RealVNC client on your windows machine. You will be asked to autheticate. Once you are done with the MAC GUI, close RealVNC, go back to your command shell and hit: “Ctrl + X” to kill the VNC thread. This is a nice way to not worry about running VNC all the time on your production boxes exposed to the world.