- Get help
- Services
- Announcements & alerts
- Service outages
- Security alerts
- Major initiatives
- Using automation to drive efficiency and innovation at SFU
- Welcome to the new SFU Mail: now faster, secure, intuitive
- Reintroducing IT ServiceHub: Your One-Stop IT Support Platform
- Supporting SFU's Digital Transformation with Exchange Online
- Important changes to SFU email practices
- Transforming the SFU experience through digital improvements - Key Initiatives in Progress
- Jovanna Sauro wins SFU Personal Achievement Award
- Improve your cellular coverage by enabling WiFi Calling
- New committee guides transformative changes at SFU
- Expanded identity options for students within SFU applications
- SFU works toward keeping devices out of landfills
- A journey to improved WiFi
- Help us, help you, connect to better WiFi
- IT Services' new support system: ServiceHub
- Information Security Essential Courses
- IT Services leadership announcement
- University Wide Password Change Initiative
- April 2021 technical issue
- Telephone System Core Infrastructure Upgrade
- Decommissioning fraser.sfu.ca
- About
- Information security
Remote access to Managed Mac
How to Configure Remote Access for Managed Macs
These instructions are for connecting a remote Mac to a managed Mac on campus.
Apple provides a fairly simple resource for remote control like Microsoft does with Windows "Remote Desktop". It is not as feature-rich or mature as Microsoft Remote Desktop but it gets the job done.
Important note: Macs can use simple VNC, but we will never use this. We will allow the Screen Sharing service. When we do, we should take extra measures to tunnel through SSH to ensure it is encrypted.
One thing to look out for: The majority (over 85%) of managed Macs at the University are already configured for Remote Management. Both services cannot be configured simultaneously, so the route you take will depend on how your Mac is currently configured.
With apple screen sharing the user id and password are sent encrypted, as are keystrokes and mouse movements.
Scenario 1: No Screen Sharing or Remote Management configured
- Open System Preferences: Sharing
- Click on Screen Sharing
- Be sure to only allow access for your main user
- Stop here.
- Do not ever enable VNC
We are NOT configuring VNC access at SFU, and doing so reduces security of our systems. Never, ever promote this practice.
Scenario 2: SFU managed Mac that has Remote Management configured.
It is still possible for an administrator to allow your Mac's main user to access, but the process is a little different.
Only one service can be configured, so you must add your user in the "Remote Management" dialog.
- Open System Preferences: Sharing
- Don't touch the Screen Sharing option.
- As an administrator, highlight the "Remote Management" section.
- On the right-hand dialog, only the first two options are necessary (observe and control)
- Enabling the remaining options will allow features only possible via Apple Remote Desktop. This is not necessary.
If you are not the administrator of your Mac, please contact your local IT support personnel to make these changes for you. Connect to your Mac using the built-in Screen Sharing application.
You can find this app in: /System/Library/CoreServices/Applications/Screen Sharing.app
Power considerations:
Remote wake services designed for Windows PCs are not reliable on routed networks for Macs. As such, if you need reliableremote access to your Mac, please consider temporarily disabling system sleep.
Firewall considerations:
The service connects on TCP port 5900 (just like VNC). The user ID and password are sent encrypted, as are keystrokes/mouse moves.
The managed Mac firewall is set to allow connections at a rate of 6 failures per 30 seconds. Brute force attempts past this rate will be blocked.
Tunneling through SSH:
Another secure approach is to use an ssh tunnel for screen sharing. Do-able, but a bit of setup work.
Using SSH port forwarding and VNC you can connect to your remote desktop using the Screen Sharing application.
- First connect to your machine over SSH and port forward 5900.
- $ ssh sfuid@mac.its.sfu.ca -L 5900:localhost:5900
- Now open "Screen Sharing.app" and connect to "localhost", specifically (you've already made a SSH connection to your Mac in this last step)
- This way all portions of your connection are encrypted.
Reference: