Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Start Mac VNC server from command line
# Step 1: Set priveleges
$ sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -configure -allowAccessFor -allUsers -privs -all
Starting...
Setting allow all users to YES.
Setting all users privileges to 1073742079.
Done.
# Step 2: Allow VNC clients
$ sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -configure -clientopts -setvnclegacy -vnclegacy yes
Starting...
Set the client options.
Done.
# Step 3: Set VNC password (change it at the end of the line (i.e. don't use supersecret))
$ sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -configure -clientopts -setvncpw -vncpw supersecret
Starting...
Set the client options.
Done.
# Step 4: Restart service
$ sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -restart -agent -console
Starting...
Stopped ARD Agent.
Stopped VNC Privilege Proxy
Stopped RFB Register MDNS
Done.
# Step 5: If no ARD services have been activated on the machine before, it is also necessary to run the following command
$ sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -activate
Starting...
Activated Remote Management.
Done.
@zdj
Copy link

zdj commented Jul 11, 2014

Thanks a bunch for this. My headless Mac Pro was showing a grey screen via Screen Share and it came right back after running these commands.

@isaacovercast
Copy link

isaacovercast commented Apr 11, 2017

Super useful.

@jaderfeijo
Copy link

jaderfeijo commented May 2, 2018

Super useful indeed. I was able to use this to log into a Circle CI instance to debug an issue via reverse ssh. Wouldn't have been able to figure out what was going on without this. Thanks.

@spin6lock
Copy link

spin6lock commented Nov 12, 2018

Warning: macos 10.14 and later only allows control if Screen Sharing is enabled through System Preferences.

so sad

@inetfuture
Copy link

inetfuture commented Sep 16, 2019

works well on 10.13.6, thanks

@albert-a
Copy link

albert-a commented Nov 18, 2019

10.13.6, 10.14 - Does not work.

@aserraric
Copy link

aserraric commented Mar 30, 2020

I'm currently working remote exclusively (Covid-19) and this saved me a trip to the office. (OS X 10.14.6)
The warning appears, but it actually works without "Screen Sharing" being enabled. Having "Remote Management" on apparently does the same thing.

@nateware
Copy link
Author

nateware commented Mar 31, 2020

Thanks for the note @aserraric! Glad to hear it was helpful.

@ccsben
Copy link

ccsben commented Apr 1, 2020

I tested on 10.15.4. For whatever reason, -setvncpw -vncpw password seems to be setting the password to something else coz the vncviewer is getting authentication failure
But then I manually type the password into the system preferences > sharing > computer settings... > vnc viewer may control screen with password: without changing anything else that was done by the command line. Then the authentication started working.
This is very strange and just that last bit breaks the whole thing.

@dstranathan
Copy link

dstranathan commented Jun 10, 2020

I tested on 10.15.4. For whatever reason, -setvncpw -vncpw password seems to be setting the password to something else coz the vncviewer is getting authentication failure
But then I manually type the password into the system preferences > sharing > computer settings... > vnc viewer may control screen with password: without changing anything else that was done by the command line. Then the authentication started working.
This is very strange and just that last bit breaks the whole thing.

Yup. You can enable/disable VNC from CLI but NOT set password. This may have started in Mojave possibly, but definitely
the case now in Catalina as of June 2020.

However, the VNC password (hash) set from the Sharing pane GUI is stored in a (root-owned) pref file in /Library/Preferences. This file can be managed via scripts if you have admin rights and are creative with SSH and scripting, and/or have a Mac management system such as Jamf etc.

Edit: typos.

@lefoimpeur
Copy link

lefoimpeur commented Jul 9, 2020

Hi, I'm currently testing the 10.15.4 as well. Indeed the change of the vnc password doesn't work on the command line.
But I have another particular behavior:

  • when I enable VNC with the GUI, the remote access to the mac with Dameware from a Windows works perfectly.
  • on the other hand when I enable VNC in command line, the connection is done on the mac but the screen is black, I can't do anything.

Do you have any idea why?

@dstranathan
Copy link

dstranathan commented Jul 9, 2020

Hi, I'm currently testing the 10.15.4 as well. Indeed the change of the vnc password doesn't work on the command line.
But I have another particular behavior:

  • when I enable VNC with the GUI, the remote access to the mac with Dameware from a Windows works perfectly.
  • on the other hand when I enable VNC in command line, the connection is done on the mac but the screen is black, I can't do anything.

Do you have any idea why?

I dont know. Sorry.

@jbwasp
Copy link

jbwasp commented Aug 19, 2020

Hi, I'm currently testing the 10.15.4 as well. Indeed the change of the vnc password doesn't work on the command line.
But I have another particular behavior:

  • when I enable VNC with the GUI, the remote access to the mac with Dameware from a Windows works perfectly.
  • on the other hand when I enable VNC in command line, the connection is done on the mac but the screen is black, I can't do anything.

Do you have any idea why?

I dont know. Sorry.

you can add below to your script

perl -we 'BEGIN { @k = unpack "C*", pack "H*", "1734516E8BA8C5E2FF1C39567390ADCA"}; $_ = <>; chomp; s/^(.{8})./$1/; @p = unpack "C", $; foreach (@k) { printf "%02X", $ ^ (shift @p || 0) }; print " "' | sudo tee /Library/Preferences/com.apple.VNCSettings.txt")

@jbwasp
Copy link

jbwasp commented Aug 19, 2020

I tested on 10.15.4. For whatever reason, -setvncpw -vncpw password seems to be setting the password to something else coz the vncviewer is getting authentication failure
But then I manually type the password into the system preferences > sharing > computer settings... > vnc viewer may control screen with password: without changing anything else that was done by the command line. Then the authentication started working.
This is very strange and just that last bit breaks the whole thing.

you can add below to your script

perl -we 'BEGIN { @k = unpack "C*", pack "H*", "1734516E8BA8C5E2FF1C39567390ADCA"}; $_ = <>; chomp; s/^(.{8})./$1/; @p = unpack "C", $; foreach (@k) { printf "%02X", $ ^ (shift @p || 0) }; print " "' | sudo tee /Library/Preferences/com.apple.VNCSettings.txt")

@flhoest
Copy link

flhoest commented Dec 4, 2020

All this is nice but ... how do you solve the
"Warning: macos 10.14 and later only allows control if Screen Sharing is enabled through System Preferences."
issue ?

I'm actually doing ssh to a Mac mini hosted on AWS EC2 ...

@jcavar
Copy link

jcavar commented Dec 8, 2020

All this is nice but ... how do you solve the
"Warning: macos 10.14 and later only allows control if Screen Sharing is enabled through System Preferences."
issue ?

I'm actually doing ssh to a Mac mini hosted on AWS EC2 ...

This video https://www.youtube.com/watch?v=FtU2_bBfSgM and this gist explain that nicely: https://gist.github.com/sebsto/6af5bf3acaf25c00dd938c3bbe722cc1

@abhi-io
Copy link

abhi-io commented Dec 28, 2020

@nateware you just saved my day (20.5hrs)
worked on
Amazon EC2 macOS Catalina 10.15.7, and
Amazon EC2 macOS Mojave

endpoint details are - IP, Username, Pass

@hisashiyamaguchi
Copy link

hisashiyamaguchi commented Mar 25, 2021

Great script. It's working on BigSur too.

% uname -a
Darwin ip-172-31-30-21.us-east-2.compute.internal 20.3.0 Darwin Kernel Version 20.3.0: Thu Jan 21 00:07:06 PST 2021; root:xnu-7195.81.3~1/RELEASE_X86_64 x86_64

@nicksweb
Copy link

nicksweb commented Nov 3, 2021

Love this script, have used it a few times to get me out of trouble.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment