Whenever I set up a computer for a new Mac user, I am often requested to enable something to help them troubleshoot issues from far away. The problem, of course, is what this “something” could be. Indeed, I am always reluctant to enable VNC or ARD access onto a computer that I know may not be always kept up-to-date or plugged into firewalled networks. There is nothing wrong with VNC or ARD, really, and both can be used in a secure fashion but they do tend to require more work than a purely built-in Mac OS X component such as SSH, that will automatically get updated along with other parts of the operating system — you do use Software Update, don’t you?
The main problem of course is that SSH clients are not overly user-friendly for the most part — in a GUI world, that is of course. Almost while brushing my teeth (as this seems to be the proverbial time when ideas should strike) yesterday, I remembered good old SFTP.
After all, most FTP clients have made great efforts to be very user-friendly as of late. An application like Transmit or its open-source counterparts can be understood even by beginners in a matter of minutes. SFTP has nothing to do with FTP, of course (it is disguised SSH) but, as many users equate STFP with “Secure FTP” literally speaking, most FTP clients now include SFTP support.
Putting 1 + A, I immediately came to conclusion 2B: i.e. Transmit could be used as a GUI on top of SSH. Simply turn on remote login on a Mac, through the Sharing preferences pane, and point your Transmit at it to enjoy secure, GUI-powered remote access to a computer. Since an application like Transmit (and, again, many other clients) enjoy integration with text editors, permissions changing support, and more, most administrative tasks can be performed in a breeze.
Sure, you don’t get the full GUI you would with VNC or ARD but, with the extra security this solution brings, and the relative absence of configuration it requires, this is a little trade-off for most.
PS: Of course, punching a hole in a firewall, even on port 22, even if only the latest SSH protocol is listening (which requires command-line tweaking on the Mac you are configuring), even if the world were a happy place, is still punching a hole in your firewall and makes the computer vulnerable to attacks, including good old brute-force password cracking methods. Use with caution and seek medical assistance should irritation or redness occur.