This is one of those paranoid thoughts that I get.

Remote screen sharing on Mac that uses a password through VNC can be a source of attack.

Obviously, if you’re just using it locally to share, that ain’t much of a problem.

But what if you are running a Mac mini headless and you open up the router so you can connect to it when you’re out having fun with the Catwoman? What then? This open remote screen app might make you susceptible to a brute force attack.

To foil some Joker that is roaming Gotham City looking for open doors, enable screen sharing only when you need it.

And make sure your open port is something else besides 22 or 5900.

SSH into the remote server from your local computer, using the port you left open on the router, to check on screen sharing status:

ssh username@remote-ip-address -p [open-port-#]

Check if remote screen sharing is running:

sudo launchctl list | grep screensharing

If you get no output, screen sharing is not loaded.

To enable screen sharing:

sudo launchctl load -w /System/Library/LaunchDaemons/com.apple.screensharing.plist

Exit from the remote server (important):

exit

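Tunnel into the remote server by entering this ssh command on your local computer. It forwards port 5901 on your local computer to port 5900 (screen sharing) on the remote computer through the encrypted SSH connection. The open port # is the port # on the remote computer that you left open to remote in.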

ssh -N -L 5901:localhost:5900 username@remote-ip-address -p [open-port-#]

If working properly, you’ll get no response. It’ll look like it’s hanging. Leave that window open and open a second terminal window on the local computer to actually connect to the remote screen sharing computer. Run the following command on the local computer:

open vnc://localhost:5901

The open vnc:// command replaces running open /System/Library/CoreServices/Applications/Screen\ Sharing.app and then typing in localhost:5901.

When finished using the remote computer, close the sharing window. Then use ssh on the local computer to remote back in and disable screen sharing on the remote computer:

sudo launchctl unload -w /System/Library/LaunchDaemons/com.apple.screensharing.plist

Check it’s disabled:

sudo launchctl list | grep screensharing

No response means it is disabled.

By the way, when screen sharing is loaded, the check returns a line like this:

-	0	com.apple.screensharing

The first column (-): This dash indicates that the service doesn’t have a process identifier (PID) associated with it. This is normal for services that are loaded but not currently running an active process.

The second column (0): This number is the last exit status of the service. A value of 0 means the service exited with no errors. A non-zero value here would indicate that the service had exited with an error.

The third column (com.apple.screensharing): This is the service identifier or label for the Screen Sharing service.
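The three-column reading described above, as an added shell example (not from the original post): it classifies Screen Sharing from launchctl list output using an exact match on the label, so the check cannot be fooled by a near-miss search string or a similarly named service. The function names and the sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify the Screen Sharing service from `launchctl list` output.
LABEL="com.apple.screensharing"

# Reads `launchctl list` output (PID, last exit status, label) on stdin and
# prints one of: disabled | loaded-idle | running:<pid> | loaded-failed:<status>
screensharing_state() {
    awk -v label="$LABEL" '
        $3 == label {                        # exact label, not a substring search
            found = 1
            if ($1 != "-")      print "running:" $1        # a PID is present
            else if ($2 != "0") print "loaded-failed:" $2  # last exit was an error
            else                print "loaded-idle"        # the "- 0 label" case
            exit
        }
        END { if (!found) print "disabled" }
    '
}

# Succeeds only when the service is absent from the listing.
screensharing_is_disabled() {
    [ "$(screensharing_state)" = "disabled" ]
}

# Constructed sample listings (not captured from a real machine).
SAMPLE_LOADED=$(printf 'PID\tStatus\tLabel\n-\t0\tcom.apple.screensharing\n')
SAMPLE_RUNNING=$(printf 'PID\tStatus\tLabel\n4821\t0\tcom.apple.screensharing\n')
SAMPLE_UNLOADED=$(printf 'PID\tStatus\tLabel\n-\t0\tcom.example.other\n')
# A different, hypothetical label that a plain substring search would also match.
SAMPLE_LOOKALIKE=$(printf 'PID\tStatus\tLabel\n-\t0\tcom.example.screensharing-helper\n')

for sample in "$SAMPLE_LOADED" "$SAMPLE_RUNNING" "$SAMPLE_UNLOADED" "$SAMPLE_LOOKALIKE"; do
    printf '%s\n' "$sample" | screensharing_state
done
```

On the remote Mac, feed it the real listing with sudo launchctl list | screensharing_state after the unload step.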
