SFU faculty and staff are able to remotely connect to on-campus managed Mac computers by using SFU's Virtual Private Network and Apple's built-in Screen Sharing app.
This is a convenient way to:
- Remotely log in to on-campus managed Mac computers from a remote Mac.
- Access software and files from office workstations.
- Connect with other on-campus resources (such as shared drives and printers).
You won't be able to use remote desktop without MFA or SFU VPN. Already have MFA and SFU VPN? Skip and proceed to Step 3.
Setup instructions:
These instructions are for connecting a remote Mac to a managed Mac on campus.
Apple provides a fairly simple remote-control facility, comparable to Microsoft's "Remote Desktop" for Windows. It is not as feature-rich or mature as Microsoft Remote Desktop, but it gets the job done.
Note: Macs can use simple VNC, but we will never use this. We will allow the Screen Sharing service. When we do, we should take extra measures to tunnel through SSH to ensure it is encrypted.
One thing to look out for: The majority (over 85%) of managed Macs at the University are already configured for Remote Management. Both services cannot be configured simultaneously, so the route you take will depend on how your Mac is currently configured.
With Apple Screen Sharing, the user ID and password are sent encrypted, as are keystrokes and mouse movements.
Scenario 2: SFU managed Mac that has Remote Management configured
It is still possible for an administrator to give your Mac's main user access, but the process is a little different.
Only one service can be configured, so you must add your user in the "Remote Management" dialog.
- Open System Preferences: Sharing
- Don't touch the Screen Sharing option.
- As an administrator, highlight the "Remote Management" section.
- In the right-hand dialog, only the first two options are necessary (observe and control).
- Enabling the remaining options will allow features only possible via Apple Remote Desktop. This is not necessary.
If you are not the administrator of your Mac, please contact your local IT support personnel to make these changes for you.
Connect to your Mac using the built-in Screen Sharing application.
You can find this app in: /System/Library/CoreServices/Applications/Screen Sharing.app
Power considerations:
Remote wake services designed for Windows PCs are not reliable on routed networks for Macs. As such, if you need reliable remote access to your Mac, please consider temporarily disabling system sleep.
Firewall considerations:
The service connects on TCP port 5900 (just like VNC). The user ID and password are sent encrypted, as are keystrokes/mouse moves.
The managed Mac firewall is set to allow connections up to a rate of 6 failures per 30 seconds. Brute-force attempts past this rate will be blocked.
Tunneling through SSH:
Another secure approach is to use an SSH tunnel for screen sharing. It is doable, but requires a bit of setup to work.
Using SSH port forwarding and VNC you can connect to your remote desktop using the Screen Sharing application.
- First connect to your machine over SSH and port forward 5900:
$ ssh sfuid@mac.its.sfu.ca -L 5900:localhost:5900
- Now open "Screen Sharing.app" and connect to "localhost", specifically (you've already made an SSH connection to your Mac in the previous step).
- This way all portions of your connection are encrypted.
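The tunnel steps above as a small script, added here as an example and not part of SFU's instructions: it binds the forward to the loopback interface only, makes ssh exit if the forward cannot be set up, and checks the listener before opening Screen Sharing. The function names and the optional local-port argument are assumptions of this example; sfuid@mac.its.sfu.ca is the page's own placeholder.

```shell
#!/bin/sh
# Added example, not SFU's own script. Function names are hypothetical.

# Accept only a decimal TCP port in the range 1-65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*|??????*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Print the ssh command for a loopback-only forward to the remote Mac's
# Screen Sharing port (5900). $1 = user@host, $2 = local port (default 5900).
tunnel_cmd() {
    user_host=$1
    lport=${2:-5900}
    valid_port "$lport" || { echo "invalid local port: $lport" >&2; return 1; }
    # Reject empty targets, anything starting with '-' (it would be parsed
    # as an ssh option) and any character outside a plain user@host name.
    case "$user_host" in
        ''|-*|*[!A-Za-z0-9@._-]*)
            echo "invalid target: $user_host" >&2; return 1 ;;
    esac
    # -N: no remote shell, forwarding only. -f: background after login.
    # ExitOnForwardFailure: fail instead of running without the forward.
    printf 'ssh -f -N -o ExitOnForwardFailure=yes -L 127.0.0.1:%s:localhost:5900 %s\n' \
        "$lport" "$user_host"
}

# Start the tunnel, confirm the local listener, then open Screen Sharing.
connect() {
    lport=${2:-5900}
    cmd=$(tunnel_cmd "$1" "$lport") || return 1
    # Word splitting is safe here: tunnel_cmd validated every character.
    $cmd || return 1
    nc -z 127.0.0.1 "$lport" || { echo "tunnel is not listening" >&2; return 1; }
    open "vnc://localhost:$lport"
}

# Run as: ./tunnel.sh sfuid@mac.its.sfu.ca [local-port]
if [ $# -gt 0 ]; then
    connect "$@"
fi
```

If local port 5900 is already taken, ssh exits with an error instead of leaving a session without a forward; pass a different local port as the second argument in that case.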
For additional information, see Mac screen sharing by Apple.