Reverse VPN Screen Sharing

Shared by Kevin Smith.

This describes how to securely connect a remote user to screen share a networked machine, such as for pairing.

e.g. Pairing with Joeybot

Step-by-step guide

  1. Obtain the username, password, IP address, and SSH port from the remote person (see below for details)
  2. Open the Terminal application on the pairing station
  3. Run the following command in the Terminal window:
    1. ssh -N -R 15900:localhost:5900 -p SSHPORT USERNAME@IPADDRESS
    2. e.g. ssh -N -R 15900:localhost:5900 -p 253 tempuser@123.123.123.123
    3. Input the password
  4. There is now an SSH connection established between the network and remote machines, and the remote machine is listening on port 15900 and forwarding that port to the network machine's port 5900 (VNC)
    1. see https://www.howtoforge.com/reverse-ssh-tunneling for more info on this technique
  5. Open the Terminal application on the remote machine
  6. Run the following command in the remote's Terminal:
    1. open vnc://localhost:15900
    2. A VNC login should pop up; input the network username and password

This requires setup by the remote user: they must create a user that can log in to their machine via ssh, and their machine must be reachable at a public IP address (with proper port forwarding through any routers).

Setting Up a Remote Mac for Remote SSH

Add A Standard User (e.g. 'tempuser')

Give it a username (such as tempuser) and a password, which you will provide for use from the networked machine.

Set Advanced Setting on tempuser

Change /bin/bash to /usr/bin/read so that tempuser has no access to anything on the remote machine. (When an ssh connection occurs, the login will not get a bash terminal. Instead, /usr/bin/read will run, which keeps the connection open until Ctrl-C is pressed.)

Add tempuser to Remote Login

Under System Preferences "Sharing", make sure Remote Login is checked and this new user is added to the list of users allowed to use Remote Login.
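
The login-shell change above keeps tempuser from getting a command prompt, but which port forwards the account may open is decided by sshd's own settings. The check below is an added example, not part of the original guide: it audits `sshd -T` style output for the account, assuming the tunnel port 15900 from the steps above. The Match block in its comments and the function names are illustrative, and both sample configurations are constructed.

```shell
#!/bin/sh
# Added example (not from the original page). Input is text in the format
# printed by `sshd -T` (lowercase keyword, then value), e.g. on the remote Mac:
#   sudo /usr/sbin/sshd -T -C user=tempuser,host=localhost,addr=127.0.0.1
# An illustrative Match block in sshd_config that satisfies every check below:
#   Match User tempuser
#       AllowTcpForwarding remote
#       PermitListen localhost:15900
#       GatewayPorts no
#       PermitTTY no
#       X11Forwarding no
#       AllowAgentForwarding no

setting() {  # print the value of keyword $1 from the config text in $cfg
    printf '%s\n' "$cfg" | awk -v k="$1" '$1 == k { sub(/^[^ ]+ +/, ""); print; exit }'
}
fail() { echo "FAIL: $1"; failures=$((failures + 1)); }

# $1 = sshd -T text, $2 = tunnel port; exit status is the number of findings
audit_tunnel_account() {
    cfg=$1; port=$2; failures=0
    [ "$(setting allowtcpforwarding)" = remote ] ||
        fail "allowtcpforwarding should be 'remote': the guide only needs ssh -R"
    [ "$(setting gatewayports)" = no ] ||
        fail "gatewayports should be 'no' so port $port is bound to loopback only"
    case $(setting permitlisten) in
        "$port"|"localhost:$port"|"127.0.0.1:$port") ;;
        *) fail "permitlisten should name only port $port" ;;
    esac
    [ "$(setting permittty)" = no ] || fail "permittty should be 'no'"
    [ "$(setting x11forwarding)" = no ] || fail "x11forwarding should be 'no'"
    [ "$(setting allowagentforwarding)" = no ] || fail "allowagentforwarding should be 'no'"
    return "$failures"
}

# Constructed sample: values as they might appear with no Match block for the account.
DEFAULT_CFG=$(printf '%s\n' 'allowtcpforwarding yes' 'gatewayports no' \
    'permitlisten any' 'permittty yes' 'x11forwarding no' 'allowagentforwarding yes')
# Constructed sample: effective values with the Match block above in place.
HARDENED_CFG=$(printf '%s\n' 'allowtcpforwarding remote' 'gatewayports no' \
    'permitlisten localhost:15900' 'permittty no' 'x11forwarding no' 'allowagentforwarding no')

audit_tunnel_account "$DEFAULT_CFG" 15900 || echo "default config: $? finding(s)"
audit_tunnel_account "$HARDENED_CFG" 15900 && echo "hardened config: OK"
```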

Forward a Port On the Router

This will be specific to your router. There are guides available for many routers here: http://portforward.com/english/routers/port_forwarding/

The public port number configured will be used as the ssh port when connecting from the network.

Find Your Public IP Address

http://www.google.com/search?q=what+is+my+ip

This IP address will be used to connect to the remote Mac from the network.

Error: Operation already in progress for pkg-config

Error: /Stage[main]/Main/Node[default]/Package[openssl]/ensure: change from absent to present failed: Execution of 'brew install openssl --appdir=/Applications --force' returned 1: Error: Operation already in progress for pkg-config

Another active Homebrew process is already using pkg-config.

Please wait for it to finish or terminate it to continue.

Here is the solution.

rm "$(brew --cache)"/Formula/*