Access a remote Mac from an iPad

I've used Citrix Online's GoToMyPC service for a long time. It is a little pricey, but has saved me more than a few times. It is a fairly simple way to access your home PC (or Mac). A small agent runs on your home system, and then by logging into the website at GoToMyPC.com, you can remotely access that system from any other over the Internet. This all happens without opening firewall ports or special security configuration - GoToMyPC brokers a secure tunnel.

One gap in their service is that they have yet to release an iOS-compatible version of their client; while you can access your home computer from Mac, PC, or Linux, there is no way to use it from an iPhone, or better yet, iPad. This feature has been "coming soon" since the iPad was released, and with no commitment to a solid release date, I began looking at alternatives.

A main competitor to GoToMyPC is a service called LogMeIn. LogMeIn is actually cheaper than GoToMyPC and they have a reasonably-well-rated iOS client available for $30 on the app store. While it offers a security model similar to GoToMyPC, LogMeIn requires that you enter your PC or Mac's password directly into their application - and this set off my computer security paranoid alarm.

Having ruled out LogMeIn, I looked at a new iOS app called Screens. Screens is a VNC client that works equally well on iPhone and iPad. Mac OS has a built-in VNC server, and to increase security, also offers SSH for creating a secure tunnel for the session. Thankfully, Screens also has built-in SSH support.

There are a few steps I needed to take to set up my Mac and firewall to allow the connection. First, I set up DynDNS so I can find my Mac on the Internet - my ISP, Comcast, gives me a dynamic IP address. I use an Apple Airport Extreme router and thankfully DynDNS has published instructions to configure that router to automatically update DNS whenever my Comcast IP changes.

I also had to open a port on my firewall - not something I like doing, but I came up with a clever method to lock the service down that I will detail later. In the Airport utility, click the Advanced Icon, choose "Port Mapping", and then click the "+" to add a new mapping. Select "Remote Login - SSH" and click Continue. 

Back on my Mac, in System Preferences, I turned on the "Screen Sharing" and "Remote Login" services in the Sharing pane.

Once these are all set, I fired up the Screens app on my iPad, created a new connection and entered the DynDNS hostname I created. The only manual setting was to turn on SSH.

I mentioned earlier I don't like leaving the SSH port open - while SSH is encrypted, I'd rather protect my personal Mac than risk an unknown security vulnerability being exploited.

To get around this, I created a quick AppleScript that would toggle the Remote Login service on and off:

    -- Open System Preferences and switch to the Sharing pane
    run application "System Preferences"
    tell application "System Preferences" to set current pane to pane "com.apple.preferences.sharing"

    -- Click the Remote Login checkbox (row 7 of the services table here) to toggle it
    tell application "System Events" to tell process "System Preferences"
        click checkbox 1 of row 7 of table 1 of scroll area 1 of group 1 of window "Sharing"
    end tell

    quit application "System Preferences"

There is probably a better way to do this, but the script simply opens the System Preferences application, opens the Sharing pane, and checks (or unchecks) the Remote Login service.
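A command-line alternative to the GUI scripting above, as an added example that is not the author's script: it uses the macOS `systemsetup` tool to set Remote Login explicitly on or off, rather than toggling a checkbox by row position, and confirms the resulting state. The `SYSTEMSETUP` override variable and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example: explicit on/off control of Remote Login (SSH) via systemsetup.
# SYSTEMSETUP can be overridden so the logic can be exercised off a Mac
# (an assumption of this example, not a systemsetup feature).
SYSTEMSETUP="${SYSTEMSETUP:-systemsetup}"

# Print "on" or "off" based on `systemsetup -getremotelogin`,
# whose output has the form "Remote Login: On".
remote_login_state() {
    out=$("$SYSTEMSETUP" -getremotelogin 2>/dev/null) || return 2
    case "$out" in
        *": On"*)  echo on ;;
        *": Off"*) echo off ;;
        *)         return 2 ;;
    esac
}

# Set Remote Login to "on" or "off", then confirm the change took effect.
# Unlike a toggle, sending the same request twice leaves the state unchanged.
remote_login_set() {
    want=$1
    case "$want" in
        on|off) ;;
        *) echo "usage: remote_login_set on|off" >&2; return 64 ;;
    esac
    current=$(remote_login_state) || return 2
    if [ "$current" != "$want" ]; then
        # -f suppresses the confirmation prompt shown when turning SSH off
        "$SYSTEMSETUP" -f -setremotelogin "$want" >/dev/null || return 1
    fi
    [ "$(remote_login_state)" = "$want" ]
}

# Run as: sudo ./remote-login.sh on   (or: off, status)
case "${1:-}" in
    on|off) remote_login_set "$1" ;;
    status) remote_login_state ;;
esac
```

`systemsetup` needs administrator rights, so calling this from a Mail.app rule would require a narrowly scoped sudoers entry, which the post does not cover.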

To tie this all together, I created a mail rule in Mail.app. I set some specific criteria (i.e. has to be from me, to me, with a specific subject line and body) and the rule then fires off the script. I simply leave Mail.app running. When I want to start a session with Screens, I send myself an email with the keywords that the rule is looking for, the script runs, and SSH is activated. I then connect with Screens, and at the end of the session, send the same email again, and the SSH server is shut down.

Not foolproof, but better than leaving the server up and running all of the time, and gives me access when I need it.