Apple Remote Desktop

On Mac OS 1.4, there is the option to turn on ‘Apple Remote Desktop’ under the
Sharing system preference. Does this allow me to connect and remote control my
mac from another mac? What do I use for the client – Apple Remote Desktop
Client? Does this use the same ARD security so the user information
(username/password) is encrypted? Is all the session information encrypted as well?

I guess I am basically asking if Apple provides, for free, a one user license
for ARD. I know Apple sells ARD licenses for 10 users or unlimited users, but
this seems like Apple is throwing us a freebie here. Am I right?

Answers

ARD is essentially an apple-branded version of VNC (with a different hash
algo so that vnc clients don’t interwork). the ARD management
application also has some features for remote control and probing that make it
a slight value add, but if you are thinking of a small installation maybe
VNC would be better for you.

But yes, in short, ARD lets you remote control your mac. or observe
someone else’s session. There is some encryption but I believe it is
limited to user/pass info and not the entire session. with VNC common
practice is to tunnel it through an SSH session to achieve the
latter…

you’ll have to ask tim/skip about licensing

Alan Wood
--
Good questions!

The ARD client is included with every copy of Mac OS X, but the Remote Desktop Application is NOT included, that is a separate purchase. Obviously, without the ARD application, having the client doesn’t buy you much, but in the ‘old days’ when the client was not included it was a nightmare to install the client on EVERY system you wanted to manage. So, this new method is more for convenience. The Remote Desktop application comes in two flavors, based on licensing. You can purchase a 10 user version which allows you to manage up to 10 remote computers at a time, or unlimited clients which is the all you can eat version.

Insofar as encryption of remote services, I’ll quote from the documentation:

‘Security and encryption
Apple Remote Desktop 3 users 128-bit AES encryption to ensure that all remote communications are secure, even over the internet, with client computers running Mac OS X v10.3 or later. For screen control and file copy tasks, where encrypting large amounts of data may significantly degrade performance, administrators can choose encryption for improved security or leave encryption off for better performance.’

So, there ya go. There is a good technology overview of ARD @ <http://www.apple.com/remotedesktop/> and also you can find the admin guide there as well.

Tim Parker
Systems Engineer
Higher Education Division, Apple
--
You can also use “Chicken of VNC” as a client, instead of the ARD
manager, after enabling the VNC option in Access Privileges of ARD. Here is a
link to the download:

http://www.apple.com/downloads/macosx/networking_security/chickenofthevnc.html

Chicken of VNC does not offer encryption though.

Babak Samii
--
However, you can get encryption via ssh tunneling. For example, say you have VNC set up to work over 5901. To set up an encrypted network “tunnel” for processes using this port, the following command should work:

$ ssh -L 5901:localhost:5901 -N -f -l rocky sshserver.mydomain.com

For macs though, the localhost hostname can be problematic in some cases. So this might be more robust:

$ ssh -L 5901:127.0.0.1:5901 -N -f -l userfoo sshserver.mydomain.com

The specific option descriptions can be found in the ssh man page, but basically this will forward all traffic occuring on port 5901 to the sshserver over an encrypted channel. The -N says no commands are to be executed (just simple port forwarding). The -f puts the operation into the background.

You can find the process id via:

$ ps aux | grep ssh

So you may kill it when done. There are no limits to how many ports you can forward. The only “gotcha” for this method is that it’s only as secure as user forgetfulness. For personal use, I recommend aliasing your vnc client command in your shell profile. For bash, if the client command is ‘vncbar’ this would look like:

.bash_profile:

alias vncbar=‘ssh -L 5901:127.0.0.1:5901 -N -f -l userfoo sshserver.mydomain.com; vncbar’

If in a multi-user environment, a more creative solution might be needed. Such as writing a wrapper script and placing it in a high order path such as /usr/local/bin.

James Kyle

_Taken from http://lists.stat.ucla.edu/mailman/listinfo/osxforum _

How do I see someone else's screen on Windows XP so I can help them?

How to Change Your Computer Name in Windows XP

Windows XP End of Life 4/8/2014

Repair the Master Boot Record in XP

Installation of TCP/IP Printer in Windows XP Using the Printer's IP Address

You can't add a printer and you have print spooler error in Windows XP

Access denied error when installing Windows XP Service Pack 3

Dell Optiplex 755's and Windows XP installation

Recover from a Corrupted Windows Registry

XP Desktop Setup for AIS Remote Printing

How can you encrypt files on a Windows XP system?

Remove WinXP Printer Notifications

How do I make a Windows XP PC automatically login?

Change the Default NumLock State in Windows XP

How do I get into SAFE MODE in Windows 2000/XP

How to disable CD-ROM auto-run in Windows XP

I have Windows XP, how can I restore my computer to a previous configuration?

How do I disable automatic restarting when using Automatic Updates in Windows XP?

Windows XP Transfer Tool from Microsoft

Where can I find information regarding new/updated drivers required to run Vista?

Where can I find Information regarding deploying Vista?

Wireless networking on vista doesn't get a valid DHCP IP

How to map Novell network drive when running Windows Vista

Where do I download Windows Vista language packs?

Dell Optiplex GX620 systems and Windows Vista

Sysprep links for XP and Vista

Mapping a Novell drive on Windows Vista

Windows Vista and Roxio causes cd-rom/dvd drive not to recognize

Network Printing Problems in Vista

Microsoft Enhanced Mitigation Experience Toolkit (EMET)

In Unix, what do I do when a file I want to edit in vi says "Line too long"?

grep tricks

Location of the sudo log file

Specify section number with Unix man (manual) command

Thin Client technology - Linux Terminal Server Project HOWTO

Manipulating data on Linux

PHP Client can break `less`

How to synchronize files and directories from one location to another on Unix

Bash scripting

SAS on 64b Ubuntu Linux

15 Basic ‘ls’ Command Examples in Linux

cron job examples

adding date to bash history command

Command Line Tools to Monitor Linux Performance

Linux scp command examples

Linux tee command

Ruby one-liner to count logins in Linux last command

Unix grep, find and maxdepth

avoiding increasing indents while pasting into vi

Unix Cheat Sheets and Tricks

Finding most recently changed files in Unix

vi editing notes

How do I keep color output when paginating shell output through less?

UNIX Tutorials

Case-insensitive searching in vi

Customizing vi

lsof, the least talked about Unix tool

How can I check/verify that Red Hat Enterprise Linux is up-to-date for Daylight Savings Time

Advantages of less over more (UNIX)

diff and patch

Reasons to Use Vim over Vi

Useful Commands for Vi

using find and chmod together in Unix

finding words in binary files

How do I extract certain columns from a text file in Unix?

Awk Explained

combining unix stderr output with stdout

Linux performance analysis in 60 seconds

ENVI 5.0 and OS X 10.8 installation

Install Sophos on Mac OS 10.8

Cisco VPN Client for Mac OS 10.6 Snow Leopard

Mac OS X & Mac OS X Server v10.6 Security Guides

Turn off Spotlight indexing in Snow Leopard

Ricoh printer/copier setup for older models not supported in OS X 10.6

How to Reset Password in Lion

Disable Mac OS X Lion Resume

Disable Mac OS X Lion 10.7 Startup Chime / Sound

OS X 10.11 El Capitan – Learning Resources

iCal Slow after El Capitan 10.11 Upgrade

How to Change your Domain Password on OS X El Capitan