Help

HearthGate opens with a short overview of its security model: Apple Screen Sharing and OpenSSH stay on your Mac, while remote access is wrapped in your own encrypted SSH tunnel.

Read the End-User License Agreement, select the agreement checkbox, and continue. The license can be reviewed later from the About area inside HearthGate.

HearthGate uses a small privileged helper to manage services such as Screen Sharing, SSH, and firewall rules. Approve the macOS authorization prompt when asked; the helper should report as active before you continue.

Turn on macOS's built-in Screen Sharing service. HearthGate verifies the connection posture, including SSH key authentication, disabled password authentication, and the VNC handshake layer.

Use the recommended lockdown option to keep direct inbound VNC traffic blocked. SSH tunnels still work because they forward through loopback on the Mac, while direct LAN attempts to port 5900 are dropped.

Start HearthGate's managed OpenSSH service on its configured port. Apple's native Remote Login on port 22 can remain off; HearthGate uses its own hardened SSH configuration for the gateway path.

Choose Generate new key when this Mac will be the remote host. Import existing package is used when you are setting up another device from a HearthGate connection package.

After the connection key is created, save the private key, ready-to-run script, or bundle you plan to use on the remote device. Copy the generated passphrase now; HearthGate does not store it for you.

Admin Lock can require Touch ID or the Mac account password before changing HearthGate configuration, System Controls, or tray toggles. Enable it if this Mac is shared or physically accessible to others.

When setup is complete, HearthGate lives in the menu bar. Use the shield icon to manage remote access settings, monitor active connections, and adjust preferences.