Remote Access and Control

Remote Access and Control

In addition to sharing files with other computers and accessing files on other computers, it's also possible to access and control a Mac running OS X remotely (from another computer). Maybe you want to move a file from your private Documents folder to your Public folder so that another user has access to it, but aren't sitting at the computer at the time. Perhaps you want to make sure Software Update runs on another computer in your home or office without having to sit down and log into that computer. Or maybe you're trying to troubleshoot a problem on another computer and seeing what the other user is seeing will help you better understand what's going wrong. Each of these tasks can be accomplished remotely using either OS X's built-in abilities or with the help of third-party software.

Remote Login

The simplest type of remote "control" of a Mac—in terms of both the interface and the tools needed—is called Remote Login, and is built into every Mac running OS X. To enable Remote Login, simply open the Sharing pane of System Preferences, and check the box next to Remote Login in the Services tab. To the right you'll see the message "Remote Login On." What this actually does is enable OS X's built-in SSH (Secure Shell) server. SSH allows a remote computer to connect via a command-line interface, authenticating and encrypting all communication between the server and the remote computer.


If you've ever used a Telnet connection, an SSH connection will look very familiar; it's basically a secure, encrypted form of Telnet.

Once Remote Login is enabled, any user with an account on your Mac can connect using a command-line application (such as OS X's Terminal or Window's Console), and then log in using their username and password. Once connected, the user can execute pretty much any command available to them when physically sitting at the computer, logged in, using Terminal. In the case of an admin user, this is an incredible amount of power, so be very careful who has admin access on your machine if Remote Login is enabled.

As a side note, despite the name, Remote Login doesn't have to be remote—you can actually log in to your own computer from another user account on your computer. For example, if another user is currently logged in and you want to move a file from your Documents folder to a publicly viewable directory so that the user can access it, you can launch Terminal from within their account, but log in to your computer via SSH using your own username and password. You can then move the file (as described in the example a bit later in the chapter) and disconnect. This is a lot more convenient than having the other user log out, logging in to your own account via the login window, moving the file, logging out, and then having the other user log in again. (That being said, although this is a neat trick, using the su, or switch user, command—su yourusername <RETURN> and then entering your password—does the same thing without requiring that Remote Login be enabled.)

Connecting via Remote Login

To connect to a Mac using Remote Login, open Terminal on another Mac (or Console on a Windows computer or any Unix command-line app), and type ssh username@serveraddress <RETURN>, where username is your short username (on the computer to which you're connecting) and serveraddress is the IP address (or, if applicable, the domain name) of the target computer. (If you're connecting from another Mac, and your short username is identical on both Macs, you can just type ssh serveraddress <RETURN>; OS X will automatically send your username for you.) After a few seconds you'll be asked for your password; after providing it you'll see a standard command-line interface, just as if you were using Terminal in person.


To log in to the local computer (the one you're actually using) to test that SSH is working properly, type ssh username@localhost <RETURN>.

Once you're connected to the remote computer, your command-line prompt will change to reflect that you're no longer working locally; for example, in most shells, the name of the remote computer will be included in your Terminal prompt. At any point, type exit <RETURN> and you'll be logged out and disconnected.

Internet Location Files and Remote Login

Earlier in the chapter I showed you how to create Internet Location files for frequently accessed servers and shares. You can actually create these Location files for SSH connections, as well. Use the same steps you would use to create any other type of Internet Location files, but for the URL type ssh://username@serveraddress. Opening the resulting Location file will launch Terminal and initiate an SSH connection with the server using the appropriate username. (You can't include your password in an SSH location file, since the remote computer won't ask for your password until after a secure connection is initiated.)

Using Remote Login

As I stated earlier, once logged in to a Mac remotely you can do anything that you could do if you were using Terminal while sitting at the computer. Because of the sheer number of commands and applications that can be run from Terminal, I can't provide you with a comprehensive list of possible tasks. However, I talk a good deal more about Terminal commands in Chapter 15. In addition, here are some of the most common commands.


Read the manual page for a command (e.g., man commandname)


List the files in the current directory


List the path of the current directory (the working directory)


Change directory (e.g., cd /Users/Shared to switch to the Shared user folder)


Create (make) a new directory (e.g., mkdir 'New Files' to create a new directory named New Files)


Remove/delete a directory (e.g., rmdir 'New Files')


Move file (e.g., mv /Users/username/document /Users/Shared/document to move a file from inside your user folder to the Shared user folder)


Copy file (e.g., cp document document2 to make a copy of document named document2.)

These are just a few (very, very few) of the commands you can use when logged in remotely. To give you a better idea of the kinds of things you can do using Remote Login, here are a few short examples.

Moving a File from Your Documents Folder to Your Public Folder

User Level:






Imagine that you have a document on your computer that you want another user to be able to access. However, that document is currently inside your Documents folder, and you're not at home to move it someplace where the users can get to it (such as your Public folder). You can use Remote Login to move it or copy it to your Public folder.

  1. Log in remotely by typing ssh username@serveraddress <RETURN> in any command-line application. Enter your password and press return.

  2. Your initial working directory (the directory you are "in" when you first log in) will be your user folder; type ls <RETURN> to view the names of all the folders in your home directory.

  3. Change to the directory that contains your file. Do this by typing cd foldername <RETURN>, where foldername is the name of the folder you want to switch to. For example, switch to your Documents folder by typing cd Documents <RETURN>. ("Changing directories" in Unix is much like opening a folder in the Finder—you're opening a folder to work with files inside of it.) Type ls <RETURN> again to view the contents of the folder you just switched to.

  4. Continue to use cd and ls until you find the document you want to move. (If you want to move up a level—say, from Documents to your main user folder—type cd .. <RETURN>. This is the Unix command for viewing the folder enclosing the current directory.

  5. Once you find your document, type mv documentname /Users/username/Public/documentname <RETURN> (where documentname is the exact name of the document and username is your short username) to move it from the current directory to your Public folder. If you'd rather keep the original document where it is and make a copy of it in your Public folder instead, type cp documentname /Users/username/Public/documentname <RETURN>.

After following these steps, your fellow user(s) will be able to access the document in question by opening your Public folder (either while sitting at your computer, or via one of the remote sharing options discussed in the previous chapter).


As I mentioned earlier, you can use this same procedure if you are near your computer, but you don't want to make the other user log out, then log in yourself, move the file, log out, then have the other user log in again. Simply launch Terminal from within the other user's account, type ssh yourusername@localhost <RETURN>,provide your password, and then move the file as described above. When you're done, type exit <RETURN>. (Although as I mentioned above, a better way to do it would be to just use the su command: su yourusername <RETURN>.) The ability to login to your own account via Terminal from within another user's account is a real time-saver and convenience that I use quite frequently.

Quitting an Application That's Taken over Your Mac

User Level:






Sometimes an application will "hang"—it will freeze and take up so much of the CPU that you can't even use the Force Quit window to quit it. In situations like these, if you have Remote Login enabled, you can sometimes quit the application remotely, giving you back your Mac.

  1. From another computer, log into your Mac using SSH.

  2. Type top -u <RETURN>. This will present you with a list of all running applications, sorted by CPU usage—chances are the problematic application will be listed first, since it's hogging the processor. Note the PID (process ID) number of that application on the left.

  3. Press the Q key to quit the top utility and return to the Terminal prompt.

  4. Type sudo kill -9 PID, where PID is the process ID number of the problematic application (which you got from the top display). Enter your password when prompted. This will unmercifully quit the application

  5. Log out, walk back to your computer, and enjoy not having to restart.

Although this process isn't foolproof—some crashes are so severe they don't even let you log in remotely—when it works, it's often a real timesaver.

Using Software Update Remotely

User Level:






I talked about the Software Update application in Chapter 4. However, there is also a command-line version of Software Update that is accessible via Terminal—and, thus, when logged in remotely. Although this feature is priceless for a network administrator who is supporting many Macs, it can be quite useful even for the home user. For example, my home office has a G4, but we also have an iBook on an AirPort network. Occasionally I'll run Software Update and find that a new update is available. In the past, this meant having to go find the iBook (wherever it might be in the house) and then running Software Update on it. But under OS X, I can simply launch Terminal on the G4, log in to the iBook remotely, and update the software right from my desk. (I'm not lazy; I'm just busy. Really.)

Here's how you do it (in this example, "target computer" is the computer you're updating, and "remote computer" is the computer from which you'll be accessing the target computer):

  1. Log in to the target computer remotely using SSH.

  2. Type sudo softwareupdate <RETURN> and provide the password for your admin-level account when prompted. Software Update will run on the target computer, and you'll be provided with a list of available updates by name, each with a corresponding number. For example, on a recent update, I was presented with the following output:

        - 3283
          Internet Explorer 5.2 Security Update (5.2.2), 9330K
        - 3359
          QuickTime (6.0.2), 19620K - restart required
        - 3339
          StuffIt Expander Security Update (7.0), 4420K

    The updates are listed with version numbers, file sizes, and whether or not a restart of the remote computer is required. In addition, each update is preceded by an identifying number.

  3. To install an update, type sudo softwareupdate update# <RETURN> where update# is the number listed next to the desired update. For example, to install the QuickTime update listed above, I typed sudo softwareupdate 3359. Enter the admin password when prompted.

  4. When the installation is complete, you'll see a message in Terminal letting you know that the update has been installed. If the update does not require a restart, you can simply type exit to log out of the target computer. If the update requires a restart, you'll receive a message telling you to restart immediately. Luckily, you can do this remotely, too. Simply type sudo reboot, and enter the admin password at the prompt. You will be logged out of the target computer, and the target computer will restart. (Note that remote reboot is not the same as choosing Restart from the Apple Menu. Remote reboot does not save documents or close databases—it simply kills every running process and restarts. If you think someone might be using the remote machine, or there may be unsaved documents open, it's probably safer to ask the user to restart the machine, or restart it yourself later.)


When using Software Update remotely, you can actually install more than one update at once. To do so, simply include the update numbers in the same command: sudo software update update# update# update# <RETURN>. The updates will be installed consecutively, and you will be notified when they are all completed.

Desktop Control: VNC

Remote Login is extremely powerful; however, it requires some knowledge of Unix commands and it has a horrible user interface (unless you really like using a command line to get things done). There are times when it would be nice to actually see the screen of another computer, and control it as if it were right in front of you. For example, helping someone troubleshoot a computer is much easier if you can see exactly what they're seeing. Another example is when you want to turn a Sharing service on or off in Sharing preferences—doing so is tricky in Terminal if you don't know what you're doing, but if you can control the mouse on your computer from another computer, you can actually open System Preferences, switch to the Sharing pane, and click the appropriate box yourself. Finally, many parents with very young children like to monitor their child's computer use.

One solution is what is known as virtual network computing (VNC). By running a VNC server on a computer, VNC clients can connect to that computer, view its screen, and even control it—all from another computer on a local network, or even from a computer halfway around the world.

Setting Up a VNC Server on OS X

There is currently an open-source project dedicated to producing a VNC server for Mac OS X, called OSXvnc ( There are several implementations of OSXvnc that you can install on your Mac, the most elegant of which is the freeware Share My Desktop ( It allows you to set up either a user-level server (one that can be started and stopped by any user, and in fact requires a user to manually start and stop it) or a system-wide VNC server that is enabled at startup.

Starting a User-Level VNC Server

User Level:



individual user



If you only plan to use a VNC connection once in a while—for example, when a user needs help—it's probably better to simply have the user start the VNC server when needed. You can actually install a copy of Share My Desktop on each of your computers, in the /Applications folder so that any user can access it.

To start the VNC server, a user simply needs to launch Share My Desktop and click the large "Start sharing" button. The window will then show the connection information, including the IP address, port number, and password to connect, which Share My Desktop created for you automatically (Figure 11.9). (The connection info is also copied to the clipboard, so that the person starting the server can paste it into an e-mail and send it to the person trying to connect—a nice touch!) Keep in mind the caveats I mentioned in Chapter 10 about IP addresses when you're behind a router.

Figure 11.9: Share My Desktop shows you everything you need to know to connect to the local VNC server.

It's as simple as that; your VNC server is up and running. However, there are a few options you can take advantage of via the Share My Desktop preferences dialog. You can create your own password, change the port used by the server (don't use any port lower than 5900), hide the password (so that it doesn't show up in the Share My Desktop window), and set up Energy Saver settings (so that the computer doesn't go to sleep or dim the screen when someone else is accessing it).

When you're done with the VNC server, you can stop it by simply clicking the "Stop sharing" button.

Starting a System-Level VNC Server

User Level:






What if you want your VNC server to be running 24/7? For example, if you want to be sure that you can access your computer via VNC no matter the time or need, you'll want the VNC server to always be enabled. Share My Desktop allows you to install a version of the VNC server in OS X's Unix application directories, and installs a system-level startup item (remember those from Chapter 3?) so that your VNC server is always running. Tech support staff frequently use this type of setup so that they can access computers and provide support when needed. Personally, I have the VNC server running on my computers at home so that I can perform administrative tasks and provide tech support to family and friends, even when I'm not at home.

To install the system-level VNC server, launch Share My Desktop and select File Manage System VNC Server. Then follow these steps:

  1. Authenticate by clicking the padlock button and providing your admin password.

  2. Click Install System VNC to install the VNC software and startup item.

  3. Choose your server settings in the Step 2 box: Provide a password for the server (VNC clients will need to enter this password to connect), a preferred port number (again, something higher than 5900), and the name you want your computer to appear as when others connect via VNC. Check the "Start VNC server on startup" box, and, finally, decide whether you want to allow your computer screen to dim and/or your computer to go to sleep. (Keep in mind that if you let your computer go to sleep, users—including you—can only connect via VNC when it is awake.) Click Apply Settings.

  4. Click "Turn on System VNC" to start the VNC server.


Once you've set up a system-level VNC server, you can't control the server using the main Share My Desktop window; you have to use the Manage System VNC Server window.

Controlling Your Mac via a VNC Client

Once you've got the VNC server running on your Mac, you can connect to it using its IP address and the port number and password you provided (or that Share My Desktop provided for you). The only thing you need is a VNC client. There are VNC clients available for every platform, so you can actually connect to and control your Mac from any computer anywhere there's Internet access. In terms of VNC clients for OS X, I prefer VNC Thing (, mainly because it allows you to resize the client window (it scales the display to fit) and because it allows you to "bookmark" VNC servers.

To connect to a VNC server using VNC Thing, select File New Session The connection dialog is extremely simple: enter the IP address of the server, including the port number, and the password (not your personal password, but the VNC server's password). There are a few other options available to you by clicking the disclosure triangle at the bottom of the connection window; the most useful is "Shrink to fit," which automatically shrinks your view of the server's Desktop to fit the VNC Thing window. When you click OK, a window will appear showing you the server's Desktop; by default this window covers the entire screen, but you can resize it to whatever size you choose (Figure 11.10).

Click To expand
Figure 11.10: A VNC client/server connection lets you control one Mac from another.

When you move your cursor over the VNC Thing window, you'll notice that it changes to a smaller cursor; the means you're actually controlling the cursor on the remote computer. Anything you do with the mouse and keyboard here are actually also taking place on the remote computer.

Although VNC technology is very cool and quite useful, there are a few caveats to keep in mind:

  • Because using VNC is so graphics-intensive, performance isn't great—you'll notice that when you move windows around on the remote computer, it takes a few seconds for the VNC Thing window to reflect the changes.

  • Your Mac must be able to communicate via IP with the computer that is trying to connect. If you or another user is trying to connect to your Mac over the Internet, your Mac must currently be connected to the Internet. If you or another user is trying to connect from a computer on a local network, your Mac needs to be connected to the network and have a local IP address.

  • Unlike Remote Login, which lets you log in as any user, VNC lets you see and control the computer as whichever user is currently logged in. Remember that you're not really logging in; you're simply seeing whatever is going on onscreen. If you have a system-level VNC server installed, this means that you can actually log in and out of accounts (as the VNC server will let you connect even when no other users are logged in, so you can see and use the login screen). However, if you rely on a user-level server, you can only connect when a user has started the server manually, and logging out of that user's account will shut down the VNC server.


OSXvnc and its clients are actually very good as far as free VNC servers and clients go. However, if you need more functionality, you may want to consider the commercial software Timbuktu Pro ( Timbuktu provides all of the remote control functions of OSXvnc, plus more advanced features such as the ability to transfer files between the local and remote computers via drag and drop; the ability to talk to the user of the remote computer via your Mac's microphone and speaker; and the ability to automate actions using AppleScript. In addition, Apple has its own commercial offering, Remote Desktop ( that's aimed more at the education and organizational markets.