Remote admin helper scripts

Aug 06, '04 09:17:00AM

Contributed by: geohar

I frequently use my box remotely via ssh. I've set up OSXVnc so that it's not a startup item, but can be started up easily from the ssh session (and forwarded over it). I consider this to be more secure. I also forward X11 over ssh in an encrypted manner. There are some scripts and modifications that I find invaluable that let all of this run smoothly.

X11

To allow X11 forwarding, edit the file /etc/sshd_config. Add lines (or uncomment ones that exist) so that you have the following:

X11Forwarding yes
X11DisplayOffset 10

The first line allows forwarding; the second tells SSH which display offset to forward. It's probably a good idea to have a number here -- so that truly local windows don't get forwarded. When you ssh into your machine, be sure to use the -X option to forward the X server (or an equivalent GUI option). If your client allows, get it to set up the DISPLAY variable. If not, then set it to localhost:10.0, which directs the X11 connections to a local X display 10 -- that's the one you selected for forwarding, so it'll actually pop up on the remote machine (the one you're connecting from) if you set up an X server on it (I can recommend XWin multiwindowed for Windows).

VNC

First of all, some utility commands to help launch and kill the VNC server - I'm using OSXVnc here. I call this one startvnc:

#!/bin/sh
# Start the OSXvnc server on port 5901 in the background and log its output.
/Applications/OSXvnc.app/OSXvnc-server -rfbport 5901 \
> ~/Library/Logs/OSXvnc-server.log 2>&1 &

And its friend, stopvnc:

#!/bin/sh
# Stop every running OSXvnc-server process.
killall OSXvnc-server

Save these two, make them executable, and put them in your path (I use tcsh with Athena initialization setup, so ~/bin works nicely). Now you need to get the sshd server to forward the connection. To do this, you forward the box's local port 5901 to some port on the machine you're SSHing in from. Port 5901 on that machine would be fine (user@remote-mac is a placeholder for your own login and host):

% ssh -X -L 5901:127.0.0.1:5901 user@remote-mac

This way, you can connect on the machine you SSH from to the local port 5901, and get your remote machine's (encrypted + tunneled) VNC connection. If you also use the -C switch for ssh, the X11, VNC and terminal setup will be compressed! In combination with screen (see other hints here), this is a really powerful, but secure setup.
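
The tunnel only protects the VNC session if the server cannot also be reached directly on port 5901, and startvnc as shown passes no option that restricts the listening address. The following check is an added example, not part of the original hint: it classifies the listener from `netstat -an` output, and the function name and sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original hint). Reads `netstat -an` text on
# stdin and reports how the given TCP port is bound:
#   exposed  - a listener on a wildcard or non-loopback address
#   loopback - listeners only on 127.0.0.1 / ::1
#   closed   - nothing listening on that port
check_vnc_bind() {
    awk -v port="$1" '
        # Column 4 is the local address, column 6 the TCP state.
        $6 == "LISTEN" && match($4, /[.:][0-9]+$/) {
            # macOS prints addr.port, Linux prints addr:port.
            if (substr($4, RSTART + 1) != port) next
            host = substr($4, 1, RSTART - 1)
            if (host == "127.0.0.1" || host == "::1") { loop = 1 }
            else { exposed = 1 }
        }
        END {
            if (exposed) { print "exposed" }
            else if (loop) { print "loopback" }
            else { print "closed" }
        }'
}

# Constructed sample lines in macOS netstat format (not real captures).
SAMPLE_EXPOSED='tcp4       0      0  *.5901                 *.*                    LISTEN
tcp4       0      0  *.22                   *.*                    LISTEN'
SAMPLE_LOOPBACK='tcp4       0      0  127.0.0.1.5901         *.*                    LISTEN
tcp4       0      0  127.0.0.1.5901         127.0.0.1.49200        ESTABLISHED'
# Constructed sample line in Linux netstat format.
SAMPLE_LINUX='tcp        0      0 0.0.0.0:5901            0.0.0.0:*               LISTEN'

printf '%s\n' "$SAMPLE_EXPOSED"  | check_vnc_bind 5901   # exposed
printf '%s\n' "$SAMPLE_LOOPBACK" | check_vnc_bind 5901   # loopback
printf '%s\n' "$SAMPLE_LINUX"    | check_vnc_bind 5901   # exposed
printf '%s\n' "$SAMPLE_LOOPBACK" | check_vnc_bind 5900   # closed
```

On the Mac itself, run `netstat -an | check_vnc_bind 5901` after startvnc; a result of exposed means the VNC port can be reached without going through ssh.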

Other utilities

Sometimes, I forget to quit Mail before I leave, then because it regularly accesses my mail server, it can be hard to get a connection from a remote location. I could fire up VNC, and use that to quit Mail, but it'd be a pain. I could also killall Mail.app, but I wouldn't recommend it if you want your data to remain intact. What's needed is a nice way to quit GUI apps from the command line. Try the kindquit script below, which takes the name (no need for .app) of the application to quit as its argument:

#!/bin/sh
# Ask the application named in $1 to quit via AppleScript.

osascript -e 'tell application "'"$1"'"' -e 'quit' -e 'end tell'

What about when I'm done and I want to shut down? Try kindshutdown:

#!/bin/sh
# Ask the Finder to shut the machine down.

osascript -e 'Tell application "Finder"' -e 'shut down' -e 'end tell'

Or better still, after upgrading a system component via the command line softwareupdate command, try kindrestart:

#!/bin/sh
# Ask the Finder to restart the machine.

osascript -e 'Tell application "Finder"' -e 'restart' -e 'end tell'

All of these will nicely treat apps that have unsaved data and so on. A box will be displayed to ask you if you want to save changes -- and the kind* script won't exit until you deal with it. So if it's taking ages, you can hit Control-C and fire up OSXVnc and deal with the box. But it's much safer than other command line options -- those will just kill everything, no questions asked. These scripts are not overly complex, but do provide a great deal of utility for me. Hope these are useful for other people too.

Mac OS X Hints
http://hints.macworld.com/article.php?story=20040805093140594