Apple Remote Desktop client: HowTo?
 

I find that I can start the ARD server just fine, but where is the client? I already have VNC running on a remote Linux server, and I would like to connect to it with an OS X client.

I read that Chicken has been over a year since the last update, and that the ARD client is faster than a third-party VNC client anyway. But how to invoke it?

The ARD client is available for money from Apple: $299 for 10 managed systems, and $499 for unlimited managed systems. http://store.apple.com

Trevor

ARD is way overkill as a VNC viewer on a non-Mac. You're paying for the client management functionality. Have you tried Chicken or do you believe everything you read? I may be fine for you.

What?! $299 for the client? Ridiculous.

So they do the reverse of normal, provide the server with the OS, but charge for the client?

Sounds like open-source to the rescue again.

pat, looking at COTVNC's website, the latest release is 1.5 years old. Something must be wrong at the project. I know new vulnerabilities have been found since then; and how long has Tiger been out?

Looking for a fast, secure VNC like TightVNC, which I've used for years in Debian; maybe it'll compile on the Mac.

ARD is not a VNC client. It is a desktop managment solution that is well worth the money, but as I mentioned, it is way overkill (and useless) for using as a VNC client for 1 non-Mac machine. ARD is more in line with something like Timbuktu or NetOctupus or even Landesk/Lanrev to some extent.

I'm not sure what the future holds for COTVNC but right now it works fine and is the most commonly used (and only) free VNC viewer for the Mac. It's a very basic app and I'm not sure why an update would be needed other than to get it out of beta status. Are there known vulnerabilities or are you assuming there are? This is just the viewer, not the server which is where vulverabilties would normally show up.

Just to further clarify on Patrick's reply to the above question. Both flavours of OSX (client and server) include ARD client; as in, it's free and installed as part of the OS. You can see it in your Sharing Preferences within the Services tab.

The $299 is for Apple Remote Desktop Admin which, as Patrick states, is overkill for single user type uses i.e. a user simply wants to access and control his home computer from a remote location or control another computer from within the same network. There are alternative free solutions for that scenario which work perfectly well.

ARD Admin comes into it's own when used by a system administrator in say a classroom environment or, indeed, a business environment.

Costas

pat, a connexion can be hijacked ("man-in-the-middle") and a session taken over, so good security is important even for the client. True, I am VNCing through a reverse SSH tunnel, but security is like money; you can never have enough in my business. COTVNC is just too old.

Costas, I see the ARD server in Services|SharingPreferences. Seems clear that is the server. Asking in this thread how to invoke the client, as I read that ARD client will connect with a VNC server and is in fact much faster than some VNC clients, but I can't find it. Certainly do not want to turn on the server just to get the client, most especially as that automatically opens the firewall for that port (5900), but also because I'm already using that port.

Ah, I find that TightVNC requires X11, which would slow it down. Is the OS X X11 for Intel, native code, or is it emulated?

I guess I need to look for a VNC which runs in eh... Coca? Qt?

The X11.app is universial, I can't say for sure the rest of the Xfree86 components but most likely it is. X11 does not mean slower, it means non-aqua.

Here's another VNC viewer I came across:
http://www.redstonesoftware.com/prod...wer/index.html

Thanks pat, Vine looks like an option. Also I've found that the original developers of VNC offer an OS X version.

The ideal though, would be an open-source (Coca? Qt?) VNC.

Found this on the Apple Mailing Lists:

Yes, the ARD "client" is the client to the ARD $299/$499 "admin" application. The VNC functionality is basically an added bonus in there because the ARD "admin" app happens to use that protocol to connect to a "client".

I wouldn't worry too much about the interface of your chosen VNC client, all you need it for is to enter an address and password, you're not going to be interacting with the UI that much.

Oh FCS. Thanks pat.

And it's not about the interface; it's about avoiding the anticipated slowdowns of X11. I like X11, but for this particular purpose it's not a good fit. TightVNC is trustworthy and fast, but requires X11.

Examining Vine and RealVNC. Using the wonderful VirtueDesktops; my normal workspace is Desktop 1, and plan to put my VNC remote Debian session on Desktop 2 and VMware running Winduhs2000 on Desktop3. Haven't figured out how to make more than 3 desktops in VirtueDesktops.

Oh, I see: with VirtueDesktops, click on the icon|ConfigureDesktops|+ to add a desktop!

Ha, beautiful.

First I tried Vine, but they want me to ask permission for their rinky-dink license, so that's a nonstarter.

Then I tried RealVNC. Installed it and set the ip:port to localhost:5900 (reverse SSH tunnel), then set Options and tried to connect. It authenticated fine, but then I got the dreaded Black Screen... means my server and client color settings are not coordinated. Server was set to 16bit and client to Full color, so I set the server to 32bit and restarted.

Voila! I was presented with my remote machine, but the client VNC window was way bigger than my MBP's desktop, since my old machine was higher-rez. Went to the server and changed dimensions to 1280x1024, but still too big so I set it to 1152x864. Still not quite right so I decided to try a non-orthodox setting, and it turns out that 1420x855 is just right for my MBP.

So I now have a very suitable, fast remote connexion to my Debian machine on my local Desktop 3. And I used VirtueDesktops to lock VNC on Desktop 3, so it will always be there, and I can rotate the cube to it with two clicks.

ARD admin is VNC over ssh with apple's GUI. 500 dollars for an unlimited license is not bad considering software costs these days. I run ARD admin on my macbook pro and it has features that other remote desktops do not. The curtain feature is nice, the scanners is nice, the GUI over all is very intuitive and the ARD client is already built into the OS, which is VNC thus third party VNC apps can be applied here.

The bottom line in my professional and personal opinion is, if you have the means and are seriously managing Macs on a business or enterprise level, ARD admin is the best way to go.

Well done.

I'm just a grassroots hacker with few connexions and little money, so this works for me.

ARD does not use SSH. It uses AES-128 for certain operations with an ARD client (not with straight VNC clients).

Yes, I am sorry what I meant to say, it uses the same standard encryption that an SSH server would, AES-128. You are correct, and that is what I meant to say in the first place. Thanks for correcting me.

However when you launch the terminal option in ARD admin, it uses ssh to connect to the client machine.

I prefer AES256, which I am set to.

And my SSH is active all the time, since I'm using a reverse tunnel. Plus since the tunnel is reversed it can't be cracked, to my knowledge. To be honest, I'm a bit suspicious of commercial apps like ARD which are not subject to peer review. Possible undiscovered bugs, and government backdoors.

Ah'm just sayin'...

Yeah, I know what you are saying....

Got your tinfoil hat so the government doesn't read your brain waves?:D

You got it, man.

(clik the pic)

in all fairness I see where you are coming from. I use DDWRT firmware on my router which allows for me to ssh into it from anywhere via internet. I create ssh tunnels then run things like MS remote desktop and VNC type things because out of the box encryption is sometimes really just a deterrent and not an actual security solution. However, I do not know enough about hacking/cracking to really justify my statement. I do know the basics of network security and I do know what measures one should take to keep themselves protected, but at the same time I think some people tend to get paranoid on that subject.

Nice pic btw.

I've been a systems analyst for 27 years, and the highest security I've found is setting up these reverse-SSH tunnels. My remote Debian server runs services like DNS, web object caching, apache, etc, and all those services are only listening to the internal 127.0.0.1 IP, on their respective ports. The server is also running the SSH daemon, which is the only thing listening to the outside.

From my local machine I set up a reverse tunnel for each service on the remote host, all passing through SSH. This brings those remote ports to my localhost on ports 2280, 2253, etc. I set the first two digits to 22, to remind me they are tunneled through SSH. So to access the remote DNS for example, I set DNS for my local network card to 127.0.0.1:2253; so on each DNS request the machine reaches into its own bellybutton and tunnels out to the remote machine where that remote DNS server executes the request.

I have a thread here where I set up my new MBP client. Forgot how I set up the server, but do a web search on ssh, sleeper, tunnel to find the HowTo.


Most Americans are oblivious to what's going on now. Did you know that habeus corpus has now been rescinded by the Military Commissions Act? No more due process even for citizens, believe it or not. Warrantless wiretapping (& internet tapping) has been a reality for three years, on all communications users, regardless of nationality.

And now they have passed a new law which strips all pretense of American privacy in our financial transactions, medical care, legal and medical privileged communications and much more. The U.S. Constitution has been shredded. Why do they hate America?

Just because you don't feel it yet tlarkin, doesn't mean it's not there.

well thanks for the info. I have been IT networking/technician/consultant for about 8 years now. I know that in very large networks security can be a very hard thing to lock down because sometimes it is turned off or changed in a way to make things work better on a larger scale. But having a private network behind firewalls, NAT, and good routers we seem to keep our network pretty safe from outside attacks. There are definitely flaws though, and I know that some of them may never be fixed.