Posted by: macoy | September 7, 2006

Mac’s Tip: VNC over ARD

For the SysAds who are deploying or maintaining headless XServes, one of the first questions they ask is, how can one remotely access these machines w/ the nifty Mac OS X interface? Well, there’s Apple Remote Desktop (ARD) but it’s with a hefty price. You can enjoy the trial version for a few weeks though but after that you’ll have to make do with accessing these machines via SSH or telnet.


Fortunately, there’s VNC over ARD for Mac OS X and you just have to click on Apple Preferences –> Sharing –> select Apple Remote Desktop –> Click the Access Privileges… button, check the “VNC viewers may control screen…” checkbox and enter the VNC password then you’re all set to access this machine using your favorite VNC client/viewer (Chicken of the VNC is my favorite Mac OS client by the way).

But based on our experience with my officemates, sometimes the VNC process hangs, thus the need to restart VNC over ARD. Since we cannot anymore access the beautiful Mac OS X Server interface, we have to ssh/telnet to the machine and issue the following command:

# kill -9 `ps ax|grep VNC -m1|awk ‘{print $1}’`

The above command just respawns the VNC process. Note for the Linux/Unix user: kill -9 does not forcibly kill the process, it just respawns or relaunches it.

In the case where VNC over ARD has not been started (the above command will not work in this case PERL script below useful.

The original script is taken from: http://www.macgeekery.com/user/unixgeek but I modified it because for some reason the original kickstart command in the script wasn’t working. I just added a few parameters to the command to make it work.

Note: You have to execute this script on the target machine so you have to SSH/telnet to it first.

For easier usage & execution, follow these steps :
$ perl vncpass_macoy.pl [VNC_PASSWORD] > startvnc.sh
$ sh startvnc.sh

Here’s the script: Just save it to vncpass_macoy.pl or any filename you can think of:

#!/usr/bin/perl
#
# vncpasswd.pl
#
# Encode a password to enable access using with Apple Remote
# Desktop's VNC service.
#
# License: I'm placing this script into the Public Domain. Use as
# you wish, however you wish. You can even claim it to be your
# own if you need.
#
# Usage: perl vncpasswd.pl [password]
#

# ----------------------------------------------------------------------------------
# [Macoy] original script taken from:
# [Macoy]http://www.macgeekery.com/user/unixgeek
# [Macoy] this script revised by macoy [https://macoy.wordpress.com]
# [Macoy] for easier usage & execution, follow these steps :
# [Macoy]$ perl vncpass_macoy.pl [vnc_password] > startvnc.sh
# [Macoy]$ sh startvnc.sh
#----------------------------------------------------------------------------------  

# set plain text password to the first argument on the command
# line. Note: VNC on Mac OS X only uses the first 8 characters. 

$plainTextPassword = $ARGV[0] ||
  die "You must specify the password on the command line!";
$plainTextPassword =~ s/^(.{8}).*/$1/;  

# convert the password to an array
@passwordArray = unpack "C*", $plainTextPassword;  

# XOR key
@vncXorKey = unpack "C*", pack "H*", "1734516E8BA8C5E2FF1C39567390ADCA";  

# print the kickstart command...
# [Macoy] commented line is the original command from unixgeek but it
# [Macoy] didn't work w/ my current xserve. thus the script modification.
# print "sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/
Contents/Resources/kickstart -configure -clientopts -setvnclegacy
-vnclegacy yes -setvncpw -vncpw ";  

# [Macoy] this is the actual working command in my case:
print "sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/
Contents/Resources/kickstart -configure -activate -access -on -clientopts
-setvnclegacy -vnclegacy yes -setvncpw -restart -agent -vncpw ";  

# print the password
foreach $byteValue (@vncXorKey) {
  printf("%02X",$byteValue ^ (shift @ passwordArray || 0));
} 

print "\\n";

If you’re not changing your VNC password, you can just execute startvnc.sh the next time you need to launch/relaunch VNC over ARD.

Advertisements

Responses

  1. “Note for the Linux/Unix user: kill -9 does not forcibly kill the process, it just respawns or relaunches it.”

    Er, no. man signal(3):
    9 SIGKILL terminate process kill program

    Many programs use SIGHUP as the ‘reread your config file’, but that’s simply convention. The reason the AppleVNCServer process restarts is because ARDAgent notices it’s gone and respawns it – check the process id and you’ll see it’s a brand new baby.

  2. Apparently the command now takes a clear text password. Just used ssh into a Leopard server with latest updates and was able to kickstart VNC without encoding the password. Just use the command line embodied in this very nice script but add your password at the end without doing anything else to it. Worked for me.

    • Thanks for the tip Anonymous. Yes I agree with you Amy, it’s not advisable to use passwords from the command-line. We change VNC passwords from time to time though (although it’s not an excuse). Sysads can of course take my example further and pass it on to scripts/utilities to mask password input. Thanks for dropping by my blog and sharing your insights. 🙂

  3. It’s probably not a big deal for most desktop users, but, in general, it’s an unsafe practice to put anything sensitive like a password on the command line. Anyone on the system can see it with ps while it’s running. That only affects you if there are other users logged in at the same time. Also keep in mind that whatever you put on the command line is probably written to your shell’s history file. With the exception of physical access to the disk, that latter one should only pose a hazard when the information confers privileges beyond those of the user.

    In this case, the only workaround appears to be to use a temporary password in the above command, then use the GUI to reset the password once you’ve gained access.

  4. Hmm is anyone else having problems with the pictures on
    this blog loading? I’m trying to figure out if its a problem on my end or if it’s the blog.
    Any responses would be greatly appreciated.

  5. My relatives always say that I am killing my time
    here at web, but I know I am getting familiarity daily by reading thes
    pleasant content.

  6. By doing all your due diligence when making choices for
    the aquaponics system, you will avoid making costly mistakes.
    Nutrient wastage is eliminated because the lake is
    cycled through different tanks continuously. The sky is really the limit while using type of fish you’ll
    be able to grow (provided there are no bans on
    doing so).

  7. It’s an remarkable piece of writing designed for all the web people; they will
    get benefit from it I am sure.

  8. Thanks for one’s marvelous posting! I definitely
    enjoyed reading it, you might be a great author.I will ensure that I bookmark your blog
    and may come back from now on. I want to encourage you to ultimately continue
    your great writing, have a nice holiday weekend!

  9. Good article. I absolutely appreciate this website. Stick with it!

  10. First of all I would like to say fantastic blog! I had a quick question in which
    I’d like to ask if you do not mind. I was interested to find out how you center yourself and clear your head prior to writing.
    I have had a hard time clearing my mind in getting my thoughts out.
    I truly do take pleasure in writing however it just seems like the first 10 to 15 minutes are
    lost just trying to figure out how to begin. Any ideas or hints?
    Kudos!


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Categories

%d bloggers like this: