How to use Apple Screen Sharing (VNC) with 2FA

How to access your Maths office Mac from an "outside" (home or overseas) machine e.g. a Mac laptop, with SSH (with 2FA) and Screen Sharing (really VNC) on MacOSX: work as if you were sitting in front of your office Mac.

You need to (once only):

Each time you want to connect to your office Mac, you need to (the software is present on Mac laptops already, out-of-the-box):

When done, close your Screen Sharing app, then you can log out of dora also.


Set up Screen Sharing (VNC) service on the office Mac

The Screen Sharing (VNC) server is built in to Macs and only needs to be turned on:
In (Finder) System Preferences, (Internet and Wireless) select Sharing.
Choose users who can access.
There seems to be no need to set a VNC password under Computer Settings.
Configure the Apple Firewall:
In (Finder) System Preferences, (personal) Security, select Firewall.
Click Advanced and allow Screen Sharing. (Do not turn firewall off completely.)

Two other things you need to do while in the School:

Test things out while in the School: on your laptop (also connected to the internal School network), in Finder choose Go and Connect to Server, and enter vnc://pNNNm.pc (see below for details; no ssh is needed for this test).

Run SSH on the laptop

Run ssh: in a terminal window, type the command

     ssh -C -L 5900:pNNNm.pc:5900 LOGIN@DORA
replacing pNNNm.pc with the name of your office Mac, LOGIN with your Maths (dora) login name, and DORA with dora's host name.

Follow the prompts: type the words from your paper skey sheet for the line number shown, or the authenticator code, then your normal dora password. You will be logged in to dora.

The very first time you use ssh, you will be prompted about the as-yet unknown authenticity fingerprint: say yes.

Leave that dora window logged in and running; you may minimize/iconize its window. Keep that session running: do not allow it to time out, and do not allow your computer to go to sleep/hibernate, e.g. as most laptops do with the lid closed.

Connect with Screen Sharing app (VNC client)

With ssh running, logged in to dora...

In Finder choose Go and Connect to Server, in the Server Address field type
     vnc://localhost
and click Connect. Set the correct username and password, click Connect, and see it connect to your office Mac, just as if you were sitting in front of its screen.

You can also copy files between the office Mac and the laptop e.g. by simple drag-and-drop. You can minimize/iconize the Screen Sharing window, or make it un-maximized.

Alternatively you could start things from a terminal window (another terminal, not the dora one), typing the command
     open vnc://localhost
Or, find the app in /System/Library/CoreServices and drag it to your Launchpad, start it and connect to machine named localhost.

When done, just close the Screen Sharing window.

After disconnecting your Screen Sharing (VNC) session, you may close the ssh window (log out the dora session): type  exit  at the dora prompt, or just close the terminal window.
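The tunnel step above as a small wrapper script. This is an added example, not part of the original page. It goes beyond the plain command by binding the forward to the loopback address only, making ssh fail if the forward cannot be set up, sending keepalives so the session does not time out, and falling back to another local port when 5900 is already taken (for instance by the laptop's own Screen Sharing service). Assumptions: LOGIN@DORA is a placeholder for your login and dora's host name, and the 5900-5909 range and the 60 second keepalive are arbitrary choices.

```shell
#!/bin/sh
# Added example: wrapper for the ssh tunnel used with Screen Sharing.
# Host names passed in are yours to supply; LOGIN@DORA is only a placeholder.

# Reject names that ssh could parse as options or that contain odd characters.
valid_name() {
    case "$1" in
        ""|-*|*[!A-Za-z0-9._@-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# True if something already listens on 127.0.0.1:$1, e.g. the laptop's own
# Screen Sharing service, which also uses port 5900.
port_busy() {
    nc -z 127.0.0.1 "$1" >/dev/null 2>&1
}

# Print the first free local port in 5900..5909, or fail if all are taken.
pick_local_port() {
    p=5900
    while [ "$p" -le 5909 ]; do
        if ! port_busy "$p"; then echo "$p"; return 0; fi
        p=$((p + 1))
    done
    return 1
}

# Print the ssh command line. $1 local port, $2 office Mac, $3 login@gateway.
# The forward listens on loopback only; ssh exits if it cannot bind the port;
# keepalives every 60 seconds stop an idle session from being dropped.
tunnel_cmd() {
    valid_name "$2" && valid_name "$3" || return 1
    echo "ssh -C -o ExitOnForwardFailure=yes -o ServerAliveInterval=60" \
         "-L 127.0.0.1:$1:$2:5900 $3"
}

# Usage: sh tunnel.sh connect pNNNm.pc LOGIN@DORA
if [ "${1:-}" = "connect" ]; then
    port=$(pick_local_port) || { echo "no free local port" >&2; exit 1; }
    cmd=$(tunnel_cmd "$port" "$2" "$3") || { echo "bad host name" >&2; exit 1; }
    echo "Once logged in, in another terminal: open vnc://localhost:$port"
    exec $cmd   # names were validated above, so word splitting is safe here
fi
```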

Blurb, comments

The Mac OSX "Screen Sharing" is based on VNC, Virtual Network Computing.

The remote "laptop" machine could be Linux or Windows: Linux has SSH and you could install some VNC viewer (say xtightvncviewer); for Windows you could use PuTTY and one of many free VNC viewers. We will not describe how to use such other machines.

You could use VNC for office Windows PCs also, but for those you are better off with RDP that is "native" to Windows.

Further reading, random references

Paul Szabo 14 Nov 17