partially­disassembled

Engineering blog from Studio Drydock.

MacOS Mojave and VNC

First published 18 January 2019

Using VNC to connect to MacOS Mojave from Windows is problematic due to problems with the login screen not responding after first use. None of the suggestions in the linked discussion worked for me, instead I set up a shortcut to remotely kill the login window before attempting VNC connection.

There is nothing innovative or new in this post; just piecing together some information that’s otherwise scattered in various other questions/answers.

Set up screen sharing

Set up screen sharing on the Mac with usual settings, including a password. Also ensure Remote Login is enabled for SSH access.

Password-less SSH access

You should already be able to SSH into the Mac from Windows with a password:

ssh -l alex mac.local

We need to set up an RSA key pair to allow SSH access from an authorised client without typing a password. Generate the keys on your Windows computer:

C:\Users\alex>ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (C:\Users\alex/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in blah.
Your public key has been saved in id_rsa.pub

This has generated a private key (id_rsa) in your SSH directory which can be used to verify your identity with any other computer that has the public key (id_rsa.pub). Open the public key and copy its entire contents into a file on the Mac at /Users/alex/.ssh/authorized_keys (if this file already exists, append the contents; otherwise create the file with just the public key). If you need to approve access from more computers in the future you can add their public keys to the same file.

You can now SSH into the Mac without typing a password.

Password-less sudo

The command to restart the login window on MacOS, which is our workaround for it not responding after connecting with VNC, is sudo pkill loginwindow. Unfortunately this is using sudo which requires a password. We will add an exclusion to this specific command so that it does not prompt for a password.

First, edit the sudoers file by running

sudo visudo

(hopefully you know how to use Vi!). Add this line near the bottom, after all other commands:

alex      ALL = (ALL) NOPASSWD: /usr/bin/pkill loginwindow

You can now run sudo pkill loginwindow without being prompted for a password (log out and in again before testing this to clear the sudo password cache).

VNC connection shortcut

I use the TightVNC client on Windows. Establish the connection, then click the Save button to create a shortcut named mac.vnc which can be launched to connect directly to this computer, including the VNC password.

Putting it all together

Finally, we can create either a batch command file or a Windows shortcut to both remotely kill the login server and open the VNC connection. Here’s the shortcut command target:

cmd /c ssh mac "sudo pkill loginwindow" & start mac.vnc

Alternatives

Two alternatives I tried instead of using the Mac’s built-in VNC server: