I frequently use my box remotely via ssh. I've set up OSXVnc so that it's not a startup item, but can be started up easily from the ssh session (and forwarded over it). I consider this to be more secure. I also forward X11 over ssh in an encrypted manner. There are some scripts and modifications that I find invaluable that let all of this run smoothly.
X11
To allow X11 forwarding, you alter the file /etc/sshd_config. You need to add lines (or uncomment ones that exist) so that you have the following:
X11Forwarding yes
X11DisplayOffset 10
The first line allows forwarding, the second tells SSH which display offset to forward. It's probably a good idea to have a number here -- so that truly local windows don't get forwarded. When you ssh into your machine, be sure to use a -X option to forward the X server (or an equivalent GUI option). If your client allows, get it to set up the DISPLAY variable. If not, then set it to localhost:10.0, which directs the X11 connections to a local X display 10 -- that's the one you selected for forwarding, so it'll actually pop up on the remote machine if you set up an XServer on it (I can recommend XWin multiwindowed for Windows).
VNC
First of all, some utility commands to help launch and kill the VNC server - I'm using OSXVnc here. I call this one startvnc:
#!/bin/sh
/Applications/OSXvnc.app/OSXvnc-server -rfbport 5901 \
> ~/Library/Logs/OSXvnc-server.log 2>&1 &
And its friend, stopvnc:
#!/bin/sh
killall OSXvnc-server
Save these two, make them executable, and put them in your path (I use tcsh with Athena initialization setup, so ~/bin works nicely). Now you need to get the sshd server to forward the connection. To do this, you forward local port 5901 to some port on the machine you're SSHing in from. Port 5901 on that machine would be fine:
% ssh -X -L 5901:127.0.0.1:5901
This way, you can connect on the machine you SSH from to the local port 5901, and get your remote machine's (encrypted + tunneled) VNC connection. If you also use the -C switch for ssh, the X11, VNC and terminal setup will be compressed! In combination with screen (see other hints here), this is a really powerful, but secure setup.
#!/bin/sh
osascript -e 'tell application "'"$1"'"' -e 'quit' -e 'end tell'
What about, I'm done now and I want to shut down. Try kindshutdown:
#!/bin/sh
osascript -e 'Tell application "Finder"' -e 'shut down' -e 'end tell'
Or better still, after upgrading a system component via the command line softwareupdate command, try kindrestart
#!/bin/sh
osascript -e 'Tell application "Finder"' -e 'restart' -e 'end tell'
All of these will nicely treat apps that have unsaved data and so on. A box will be displayed to ask you if you want to save changes -- and the kind* script won't exit until you deal with it. So if it's taking ages, you can hit Control-C and fire up OSXVnc and deal with the box. But it's much safer than other commandline options -- those will just kill everything no questions asked. These scripts are not overly complex, but do provide a great deal of utility for me. Hope these are useful for other people too.
Mac OS X Hints
http://hints.macworld.com/article.php?story=20040805093140594