Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!

Secure remote access to a Mac from Windows Network
I work at a large company that blocks all Internet ports, only allowing access to the web through a proxy server on ports 80 and 443. I have a fast connection at home and a nice shinny PowerBook sitting on my coffee table all alone. I searched high and low to find exactly how to accomplish this, but I could only find bit and parts.

I connect from Windows with ssh through the work proxy to my Airport Express then to my Mac. I tunnel a VNC connection through ssh, and control the desktop remotely. Make sure you are not violating your company's policies before attempting this.

My company forces me to use a Windows computer at work, but there are tools that will let you connect back home. I chose PuTTY (for Windows) for connecting via ssh to home. I configure PuTTY to go through the proxy, and to tunnel port 5900. I also set up a dyndns host to deal with the changing IP address of the home computer. I enabled remote login and Apple Remote Desktop (ARD) in the Sharing panel of System Preferences. After enabling ARD, click the Access Privileges button on its Sharing screen, select ‘VNC viewers may control screen with password,' and type in a password.

You will need to set up your Airport Express to forward ports 22 and 5900 to your PowerBook. Do this buy opening Airport Admin and selecting Port Mapping, press the Add button, and type public port 22 to the PowerBook's internal IP address (i.e. 10.0.1.2), and private port 22. Do the same for port 5900.

For work, I login with PuTTY via ssh and then I use TightVNC to control the desktop at home. I also found this link, which covers PuTTY tunnel configuration. Now you are on your way to setting up other home server services such as WeDAV, FTP Web etc.
    •    
  • Currently 3.00 / 5
  • 1
  • 2
  • 3
  • 4
  • 5
  (3 votes cast)
 
[79,591 views]  

Secure remote access to a Mac from Windows | 10 comments | Create New Account
Click here to return to the 'Secure remote access to a Mac from Windows' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
Secure remote access to a Mac from Windows
Authored by: diamondsw on Nov 08, '05 07:05:58AM

All you need to forward on the router is port 22. VNC will be tunneled in the SSH connection and will be connecting to 127.0.0.1:5900 on the other end, already inside your home LAN. I have the same setup here at home, but I use OSXvnc as it is a MUCH faster VNC server.



[ Reply to This | # ]
Source for more info on ssh tunnels
Authored by: jmacak on Nov 08, '05 08:27:13AM
Here's a source for a movie (fairly lengthy - 20MB) about how "to use your Mac from any PC over the Internet." The page also includes links to other resources. The author uses PuTTY and other ssh utilities for Windows, OSXvnc, etc. and demonstrates a thorough step-by-step set-up process.

HOWTO Use Your Mac From Anywhere

Jim Macak
Macintosh Help and Consulting
Milwaukee, WI
www.yourmacdoc,com


[ Reply to This | # ]
Source for more info on ssh tunnels
Authored by: tonygoulding on Nov 09, '05 07:48:06AM

This is a terrific tutorial. It worked flawlessly for me.

My only issue is that VNC doesn't seem to work when you logout the Mac user or do a Fast User switch. VNC closes. When I restart it, I get:
Connection failed - error reading Protocol Version. Possible causes - you've forgotten to select a DSMPlugin and the server uses a DSMPlugin...

Did anyone else hit this and manage to overcome?
Thanks
Tony.



[ Reply to This | # ]
Secure remote access to a Mac from Windows
Authored by: sweetsdream on Nov 08, '05 09:35:51AM

I thought that too but I couldn't get things to work without forwarding 5900 as well. I use NAT at home I'm not sure if that has something to do with it.

---
Cheers,

Sweetsdream



[ Reply to This | # ]
Secure remote access to a Mac from Windows
Authored by: Lost_N_confused on Nov 09, '05 11:50:09AM
You should be able to forward any port even if you have NAT enabled. You need to use static IP addresses on your home network. You can forward port 5900 from the local machine to any port on your firewall. All you need to do is set aside a port that corresponds to each local machine.

You set your WinDoze ssh client to forward localhost:5900 to any machine you want to connect to.
Home Firewall                   Home Machine
12.12.12.1:5000                 10.1.1.50:5900
12.12.12.1:5001                 10.1.1.51:5900
12.12.12.1:5002                 10.1.1.52:5900
The only problem you might have is the proxy server blocking your WinDoze ssh client. I take classes at the local college and get tired of their goal to save me from the evil Internet and do this all the time. I chat and connect to my Macs at home and work to surf sites that are blocked.

[ Reply to This | # ]
Secure remote access to a Mac from Windows
Authored by: sweetsdream on Nov 09, '05 11:57:13AM

The work proxy server does block port 22 but PuTTY can be setup to go through the proxy.

---
Cheers,

Sweetsdream



[ Reply to This | # ]
Secure remote access to a Mac from Windows
Authored by: damomurf on Nov 08, '05 11:47:29PM

Your explanation actually slightly contradicts itself in that to be able to SSH from your work to home, your work firewall obviously allows SSH (port 22) in addition to 80 and 443.

If you're unlucky like me, your work blocks SSH access too. Long live the 1950s.



[ Reply to This | # ]
Secure remote access to a Mac from Windows
Authored by: sweetsdream on Nov 09, '05 07:32:36AM

I setup PuTTY to use the port 80 proxy. My company does not allow port 22, only 80 and 443. In you site settings you can load you proxy server and port.

---
Cheers,

Sweetsdream



[ Reply to This | # ]
Secure remote access to a Mac from Windows
Authored by: sweetsdream on Nov 10, '05 05:04:50AM

After playing with this more and helping my co-worker setup the same thing I found a slightly more secure way of doing this.

If you don't forward port 5900 in you Airport Express, you can setup the tunnel in PuTTY to the home internal IP address. I tunnel local port 5900 to remote port 10.0.1.2:5900 within the PuTTY tunnel congiuration. This will only open your external IP Address to port 22.

---
Cheers,

Sweetsdream



[ Reply to This | # ]
Secure remote access to a Mac from Windows
Authored by: cwasmer on Oct 19, '07 11:20:38AM

I realize this is a bit old, but it appears not too much has changed since this was posted and I am looking for the way to use the http proxy to get out of the office and tap my home network. Whenever I try, I get hung up for five minutes, then putty gives up. My office has a proxy configuration script, but I'm fairly certain I've id'd the proxy server to which my connections are directed. I've tried it as an HTTP proxy and as a Socks5 proxy - either way it sits there for 5 minutes, then aborts its attempts, having heard nothing from the proxy server. Other proxy servers listed in the script are rejected promptly with a 403 error - not allowed.

Any ideas?



[ Reply to This | # ]