This blog has moved

This blog is now at http://www.celesteh.com/blog

Thursday 1 February 2007

Securely Using a Macmini as a remote controlled audio workstation (or media center)

Let's say you have a mac mini and a laptop and you're too cheap and/or lazy to buy a screen, keyboard and mouse. You don't need to! The answer lies with your laptop. It is possible to control a macmini (or any other type of mac) with another computer of nearly any variety. I happen to use a mac, but it is also possible with windows and linux.

VNC

To start off, you will need to borrow some peripherals, so you can do the initial setup. After you register and whatnot, You will want to setup VNC. This allows you access to the minimac's desktop from your laptop. Open the minimac's system preferences. Open sharing. Click the "Services" tab. Click the checkbox next to Apple Remote Desktop. After that, you want to set Access Privileges. This should open automatically the first time you turn remote desktop on, but if it doesn't, click the "Access Privileges..." button.

On the left, you will see a list of users. Select yourself. On the right, you see a list of actions. If you want to allow remote control (which you do), select all of them. Below the line, there is a checkbox which says "VNC viewers may control screen with password:" Check that box and then give it a secure password. Click "ok"

You are back on the sharing - Services window. Check the box next to "Remote Login". Ok, now click on the firewall tab to make sure your firewall is on. While you're there, also give your computer a name that's different from your laptop's name then quit the user prefs.

Ok, now go to your laptop and get a VNC client. If your laptop is a mac, Chicken of the VNC is perhaps the most popular. It's what I use. If you're on another kind of computer, just search the internets to find a VNC client. Download and install to your laptop.

SSH Tunnelling

Ok, now it's time to test this out. First, open a terminal on your laptop (/Applications/Utilities/Terminal.app). Then type:

sudo ssh -X username@macmini.local -L 5900/127.0.0.1/5900

(Use your username and the mane of your macmini.) It will prompt you for a password (and may quote Spiderman at you.). Type the password for your account on your laptop. (It may ask you if you're sure you want to connect, etc. Yes, you're sure.) Then it will ask you for a password again. Type the password for the account on your macmini. You should see a unix-type prompt. Hooray, you are logged into your macmini.

You are logged in securely, which is even better. Don't dispair, the graphical connection is coming next, but first an optional, brief explanation of the command you just typed: Ssh is a secure way to connect with another computer. In this case, it's also doing something called port mapping. This makes a secure connection between a port on your computer and a post on a remote computer. If you connect to that port on your local computer, it will actually, really form a secure connection with the remote port. What this means for you is that nobody can eavesdrop over your connection (an issue if you're wireless). The reason you type sudo is because you need root privileges to tunnel on important ports.

Back to instructions

Ok, open Chicken of the VNC on your laptop. A login window will open and there will be a list of servers, hopefully with your macmini on the list. However, you are not going to click on it. Instead, click on the + button in the lower left. A new server name will come up. Type in something like "secure minimac". On the right hand side, type in your password. Don't change any of the other info. You want it to connect to localhost on the default port. You can tell it to remember the password if you feel like your laptop is not going to be "borrowed" by non-trusted people. Don't click any other checkboxes. Click connect.

A window should open with a view of the screen of your minimac. If this doesn't happen, try the following:

  1. Do you see the name of your mac in the list of servers? If not, make sure that you've turned on Apple Remote desktop on your minimac.
  2. Can you connect to the remote server directly, not via the secure connection? If so, you've got weird problems and will need to ask for help from somebody else, like your network administrator.
  3. If you cannot connect at all, the problem may be a firewall. Make sure that the firewall on your LAN allows connections on port 5900. You may need to talk with your network administrator.

Now that you have a window open onto the remote computer, try doing something. Start itunes. Play a tune! Your minimac can be a remote controlled media center. woot.

X Windows

I like free software. Therefore, I want to use Ardour, which is free. My minimac has a large, external disk. Therefore, I want to run it on the mini, but control it with my wimpier laptop. First, you must install X11, which comes on the operating system CD from Apple. Install it on your laptop AND on your macmini. Also, install the developer kit on both (or at least the mini). Then, install Ardour on the macmini.

Ok,you may have noticed that sometimes VNC has a bit of lag. Because Ardour is an Xwindows application, it's possible to reduce the lag by not using VNC. Instead, you can tell it to run on the macmini and to display on your local machine. However, this requires a smidgen of additional effort.

Apple has a bunch of information on X. It's a good thing to read if you're having a problem or just want to understand what's going on.

First, you need to tell your macmini what you're up to. Go back to the terminal ssh connection that you made from the laptop to the macmini. (If you closed the connection, reopen it). Then cut and paste the following commands to the terminal window:

sed 's/#X11Forwarding\ no/X11Forwarding\ yes/' /etc/sshd_config > /tmp/sshd_config
sudo mv /tmp/sshd_config /etc/.
sudo chown root /etc/sshd_config

You will need to type the password for your account on the macmini. These commands tell the ssh daemon to allow X forwarding. You may need to restart the sshd (or, if you don't know how to do that, just reboot the whole computer by typing "sudo shutdown -r now" (without the quotes)). It would also probably be a good idea to repair disk permissions at this time.

Now, reconnect to your computer, using the same ssh command above. The -X flag allows X forwarding. That one typed command enables all your secure communications! Open X-windows on your laptop. Type into the terminal connection to the minimac:

/usr/X11R6/bin/xeyes

If all is working, a pair of eyeballs should open on your laptop. If all is not working, you're going to have to look at some apple documents to figure this out.

Remote Ardour

Ardour, by default,opens windows on the machine that launched it. This means that if you launch it on your macmini, you can control if via VNC right away. But this is not efficient. It's better to close VNC and just use X for this process. There are a few ways to make this happen. The one I'm describing is not the best, but it does work (hopefully). Note that the following assumes that you put Ardour.app in /Applications. If you put it someplace else, you will have to modify the path below

On your macmini, type:

cd
mkdir bin
cd bin
cat > ardour
#/bin/sh -l

/Applications/Ardour.app/Contents/Resources/bin/exporter

type control-D. Then type:

cd
cat >> .profile

PATH=$PATH:$HOME/bin

export PATH

Type ctrl-d again. What you've done is create a tiny executable file that uses the right path to open Ardour and added that path to your shell. You could also do this with an alias.

Logout. (type "exit"). Then log back in (with the long ssh command way above). Open X-windows on your laptop. Type "ardour" (without the quotes) at the terminal prompt. A window should open on your local machine.

Hopefully this all will save somebody else a lot of time.

No comments:

Commission Music

Commission Music
Bespoke Noise!!