Then I found out that her DSL ISP (Earthlink) is blocking incoming port 22. So I couldn't do an SSH connection to her IP to tunnel to the VNC port on her iMac. This was annoying, but I knew there must be a solution.
What you need is the following:
- the public IP address (or host name) of your local machine (the one running the VNC client)
- the remote user must have a login (an account) on your local machine
- you must have SSH enabled ("Remote Login" in the Sharing pane of System Preferences), and port 22 must be reachable from the Internet: open in your firewall and, if you are behind a NAT router, forwarded to your machine
The AppleScript below, run on her iMac, opens an SSH connection to my machine and sets up a reverse port forward from my machine back to her VNC port. Then I used a VNC application -- I use Chicken of the VNC (CotVNC) -- pointed at localhost, display 0, to remotely control her iMac:
tell application "Terminal"
    activate
    (* USER is a user name on the CotVNC machine *)
    (* DOMAIN.ORG is the host name or IP address for the CotVNC machine *)
    (* -R 5900:127.0.0.1:5900 asks the sshd on the CotVNC machine to listen on
       its port 5900 and send each connection back through the tunnel to port
       5900 on this iMac, where the ARD VNC server is listening *)
    (* do script with no target window opens a new Terminal window and runs
       the command there; the window stays open showing the ssh session *)
    do script "ssh USER@DOMAIN.ORG -R 5900:127.0.0.1:5900"
end tell
Substitute the appropriate USER and DOMAIN.ORG information for your machine in the script.
The only setting you need with Apple's ARD 2.1 client (which should really be called ARD 2.1 Server, but that would confuse the unwashed masses) is to check Apple Remote Desktop in the Sharing pane of System Preferences. Then click the "Access Privileges..." button, check "VNC viewers may control screen with password," enter a password, and click OK. The other settings are only used by Apple's Remote Desktop software. One caveat about that password: the SSH tunnel protects the traffic between the two machines, but the VNC server on the iMac still listens on its own network interface on port 5900, so anyone on her local network (or on the Internet, if her router forwards that port) can reach it without going through SSH at all. The VNC password is the only thing between them and her screen, so pick a real one rather than a bogus one.
The trick is that we want to reach the VNC server on her iMac from the loopback address 127.0.0.1 (IPv4) of the machine running CotVNC. Normally we would ssh into her machine and forward a local port to it with -L, but her ISP blocks incoming port 22, so she has to make the connection instead: she sshes out to the CotVNC machine (outbound connections are not blocked), and the -R option asks the sshd there to listen on port 5900 and carry each connection back through the tunnel to 127.0.0.1:5900 on her iMac. By default sshd binds that listener to loopback only (the GatewayPorts option is off), so it is not reachable from the CotVNC machine's network. Once she has run the script, the tunnel is available on port 5900 of localhost on the CotVNC machine for the local VNC client. Unless her account on the CotVNC machine has her SSH public key in its authorized_keys file, the Terminal window the script opens on her iMac will prompt her for that account's password.
With CotVNC, the setup is to connect to localhost, display 0, with the VNC password you set in the Sharing pane. Enter that information in the connection dialog and voila, you have access to the remote machine, even behind the incoming firewall. The account she logs into on the CotVNC machine doesn't have to be the one you use yourself; any valid login on that machine will do. Bear in mind that it is a real login: she gets a shell on your machine for as long as the tunnel is up, so a dedicated account with nothing else on it is the safest choice.
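As an added example (not from the original hint, and not Apple's or CotVNC's code), here is a POSIX shell version of the same reverse tunnel for the remote side, with a few hardening options, plus a check for the CotVNC side that the forwarded port really is bound to loopback only. The user name alice, the host example.org, the TUNNEL_* variables and the sample lsof lines are assumptions made up for illustration.

```shell
#!/bin/sh
# Added example; not part of the original hint. User names, host names and
# the sample lsof output below are made up for illustration.

# Build the ssh command the remote (firewalled) iMac should run. It is the
# same tunnel as the AppleScript's, with a few hardening options:
#   -N                          open the forward only, no shell on the far side
#   -R 127.0.0.1:L:127.0.0.1:R  bind the listener on the CotVNC machine to
#                               loopback explicitly, so it stays private even
#                               if that machine's sshd has GatewayPorts enabled
#   ExitOnForwardFailure=yes    exit instead of connecting uselessly when port
#                               L is already taken on the CotVNC machine
#   ServerAliveInterval=30      keep the DSL/NAT session alive and notice a
#                               dead link so the retry loop can reconnect
# $1 user on the CotVNC machine, $2 its host name or IP,
# $3 port to listen on there (default 5900), $4 VNC port on the iMac (default 5900)
build_tunnel_cmd() {
    user=$1; host=$2; lport=${3:-5900}; rport=${4:-5900}
    printf 'ssh -N -o ExitOnForwardFailure=yes -o ServerAliveInterval=30 -R 127.0.0.1:%s:127.0.0.1:%s %s@%s' \
        "$lport" "$rport" "$user" "$host"
}

# Keep the tunnel up: ssh -N returns when the link drops, so loop and retry.
run_tunnel() {
    while :; do
        eval "$(build_tunnel_cmd "$@")" || true
        echo "tunnel closed, reconnecting in 10s" >&2
        sleep 10
    done
}

# On the CotVNC machine, check that the forwarded port is listening on
# loopback only. Feed it the output of:
#   lsof -nP -iTCP:5900 -sTCP:LISTEN
# Exit status 0 if every LISTEN socket on the port is on 127.0.0.1 or [::1],
# 1 if any is bound to a wildcard or real interface address.
listener_is_loopback_only() {
    awk -v port="$1" '
        $NF == "(LISTEN)" {
            name = $(NF - 1)                 # e.g. 127.0.0.1:5900, *:5900, [::1]:5900
            n = split(name, p, ":")
            if (p[n] != port) next           # a listener on some other port
            if (name == "127.0.0.1:" port) next
            if (name == "[::1]:" port) next
            exposed = 1
        }
        END { exit exposed ? 1 : 0 }'
}

# Constructed sample lsof output (not captured from a real machine): a
# loopback-only listener, as sshd creates by default, and an exposed one.
SAMPLE_PRIVATE='COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
sshd 4321 root 8u IPv4 0x0 0t0 TCP 127.0.0.1:5900 (LISTEN)'
SAMPLE_EXPOSED='COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
sshd 4321 root 8u IPv4 0x0 0t0 TCP *:5900 (LISTEN)'

# Run the check over a sample; returns the check's exit status.
check_sample() {
    printf '%s\n' "$1" | listener_is_loopback_only 5900
}

# Only start a real tunnel when asked, e.g.
#   TUNNEL_RUN=1 TUNNEL_USER=alice TUNNEL_HOST=example.org sh tunnel.sh
if [ -n "${TUNNEL_RUN:-}" ]; then
    run_tunnel "$TUNNEL_USER" "$TUNNEL_HOST"
fi
```

On the iMac, `TUNNEL_RUN=1 TUNNEL_USER=alice TUNNEL_HOST=example.org sh tunnel.sh` keeps the tunnel up and reconnects if the DSL link drops. On the CotVNC machine, `lsof -nP -iTCP:5900 -sTCP:LISTEN | listener_is_loopback_only 5900 && echo private` confirms the listener is on loopback before you point the VNC client at it; if it reports a wildcard address, the bogus-password shortcut is exposing the iMac's screen to the whole network.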

