Apple Screen Sharing Is Useful. Here Is What It Still Leaves to You

macOS already includes useful foundations. Screen Sharing gives you a native screen service. Remote Login gives you SSH. For personal workflows, labs, studios, and small support situations, those pieces can be enough to build a remote path.

The missing layer is not because Apple failed. The missing layer exists because "turn on a service" is different from "operate a secure remote-access workflow." A service toggle does not decide how keys are scoped, how connection material is shared, or how quickly access can be revoked.

Once you move beyond a one-off local session, operational questions appear. Should password SSH login be allowed? Which port should be used? Is the VNC port reachable from the network? Which key belongs to which person or device? Can a key be LAN-only? What happens when a key is revoked during an active session?

Those are not viewer questions. They are gateway questions. They live on the Mac being reached.

A secure setup that only one person understands is fragile. The moment another device or helper needs access, you need portable connection material: a private key, a script, a host, a port, a VNC target, and a short explanation that will still make sense next month.

That is why export format matters. A plain script might be fine over AirDrop between your own devices. An encrypted bundle is better when the package carries a private key. A settings backup should not be confused with a connection package.

HearthGate keeps Apple Screen Sharing and OpenSSH in the picture, then adds the operational layer: guided setup, restricted keys, SSH hardening, VNC lockdown, packages, logs, revocation, System Controls, and uninstall restore.

Apple gives you the parts. The secure path is what you build around them.