Mac-to-Mac Remote SSH & VNC Tunnel
Remote access between Macs can be a powerful tool, but it's important to understand all aspects of the connection. This blog post introduces a Perl one-liner that combines SSH tunneling and VNC for quick and secure remote connections.
The One-Liner Solution
Here's my compact Perl one-liner:
xxxxxxxxxx -::=':constants' - 'say q|> |, GREEN $tunnel, RESET; system $tunnel; say q|> |, GREEN $vnc, RESET; system $vnc; print q|> |, UNDERLINE q|Hit enter to shut down the tunnel...|, RESET; <STDIN>; qx(ps aux | grep "ssh -fNL 5901:localhost:5900" | grep -v grep) =~ s~^\S+\s+(\d+)~system qq|kill -9 $1|;~xer; say q|> |, RED q|Tunnel closed! Bye!|; exit 0;' -- -='open vnc://localhost:5901' -="ssh -fNL 5901:localhost:5900 $IP"How It Works
SSH Tunneling: Creates an SSH tunnel with
ssh -fNL 5901:localhost:5900 $IP, forwarding local port 5901 to the remote Mac's port 5900.VNC Connection: Opens a VNC connection to
localhost:5901, which is tunneled to the remote Mac.Process Management: Waits for user input before closing the connection and ensures the SSH tunnel is properly terminated.
Using the One-Liner
Set the
IPenvironment variable:xxxxxxxxxxexport IP=username@192.168.1.100Replace
username@192.168.1.100with the appropriate username and IP address (or hostname) for your remote Mac.Run the one-liner:
xxxxxxxxxxperl -MTerm::ANSIColor=':constants' -sE 'say q|> |, GREEN $tunnel, RESET; system $tunnel; say q|> |, GREEN $vnc, RESET; system $vnc; print q|> |, UNDERLINE q|Hit enter to shut down the tunnel...|, RESET; <STDIN>; qx(ps aux | grep "ssh -fNL 5901:localhost:5900" | grep -v grep) =~ s~^\S+\s+(\d+)~system qq|kill -9 $1|;~xer; say q|> |, RED q|Tunnel closed! Bye!|; exit 0;' -- -vnc='open vnc://localhost:5901' -tunnel="ssh -fNL 5901:localhost:5900 $IP"
Important Consideration: Screen Visibility
It's crucial to understand that when you're connected via VNC, the screen of the Mac you're remoting into will be visible to anyone physically present at that machine. This means:
Active Display: The remote Mac's screen will show your actions in real-time.
Privacy Concerns: Any sensitive information you access or type will be visible on the remote screen.
User Awareness: Other users of the remote Mac will be able to see that the computer is being accessed remotely.
This visibility is an inherent feature of VNC and can be both a benefit (for collaborative work) and a potential privacy risk. Always ensure you have the permission and trust of the remote Mac's owner or primary user before connecting.
Prerequisites
Ensure the following on your remote Mac:
SSH is enabled (System Preferences > Sharing > Remote Login).
Screen Sharing is activated (System Preferences > Sharing > Screen Sharing).
You have the necessary access permissions.
Security Considerations
This setup tunnels your local port 5901 to the remote Mac's port 5900.
Always use strong passwords and consider implementing SSH keys for enhanced security.
The use of an environment variable for
$IPadds flexibility and keeps sensitive information out of the command itself.Be aware of the screen visibility issue and take appropriate precautions to protect sensitive information.
Conclusion
This Perl one-liner provides a powerful solution for remote access between Macs, combining SSH tunneling and VNC in a compact command. By using an environment variable for the IP and username, you can easily switch between different remote Macs.
However, it's crucial to remember that this method of remote access makes the remote Mac's screen visible to anyone physically present at that location. This feature can be beneficial for remote assistance or collaboration but requires careful consideration of privacy and security implications.
Whether you're troubleshooting, accessing your home computer from work, or managing multiple systems, this one-liner offers a quick and secure way to establish remote connections. Just remember to use it responsibly, with full awareness of its capabilities and limitations, especially regarding screen visibility.