https://codnamacs.com/blog Practical writing about secure Mac remote access, VNC over SSH, SSH hardening, VNC lockdown, and self-hosted gateway design. en-us Tue, 16 Jun 2026 12:00:00 GMT https://codnamacs.com/blog/vshell-and-hearthgate-mac-screen-gateway https://codnamacs.com/blog/vshell-and-hearthgate-mac-screen-gateway Tue, 16 Jun 2026 12:00:00 GMT Comparisons VShell is a serious enterprise SSH and secure file-transfer server, and it runs on macOS too. HearthGate is the Mac-native gateway around Apple Screen Sharing: SSH-gated, key-restricted, logged, and revocable. Here is how they differ, what the price gap really means, and who each one fits. https://codnamacs.com/blog/independence-day-mac-virus-key-revocation https://codnamacs.com/blog/independence-day-mac-virus-key-revocation Tue, 09 Jun 2026 12:00:00 GMT Security Story A pop-culture security story about Independence Day, the famous Mac virus scene, trusted alien craft, old keys, revocation, and why Per-Key Limits matter. https://codnamacs.com/blog/ghost-love-protocol https://codnamacs.com/blog/ghost-love-protocol Mon, 08 Jun 2026 12:00:00 GMT Story A cyberpunk manga-style web story about a signal, a tunnel, a gate, and the moment secure access becomes respect. https://codnamacs.com/blog/who-benefits-from-hearthgate-mac-remote-access-use-cases https://codnamacs.com/blog/who-benefits-from-hearthgate-mac-remote-access-use-cases Sun, 07 Jun 2026 12:00:00 GMT Use Cases From creative studios and Mac mini homelabs to local AI boxes, consultants, education labs, and small IT teams: these are the scenarios where a secure Mac gateway matters. https://codnamacs.com/blog/secure-openclaw-on-mac-mini-remote-access-first https://codnamacs.com/blog/secure-openclaw-on-mac-mini-remote-access-first Sun, 07 Jun 2026 12:00:00 GMT Local AI Macs A security-first guide for running OpenClaw on a Mac mini: protect the Mac access path first, keep the gateway local, then install the agent stack. https://codnamacs.com/blog/tailscale-and-hearthgate-network-layer-vs-mac-gateway-layer https://codnamacs.com/blog/tailscale-and-hearthgate-network-layer-vs-mac-gateway-layer Fri, 05 Jun 2026 12:00:00 GMT Comparisons Tailscale is excellent at making private devices reachable. HearthGate solves the next Mac-specific question: what happens on the host after it is reached? https://codnamacs.com/blog/why-vnc-port-5900-should-not-be-exposed-to-the-internet https://codnamacs.com/blog/why-vnc-port-5900-should-not-be-exposed-to-the-internet Fri, 05 Jun 2026 12:00:00 GMT Remote Access Security Port 5900 is convenient for VNC, but convenience is not the same thing as a safe remote-access boundary. Here is why the screen port should stay behind SSH. https://codnamacs.com/blog/secure-mac-remote-access-without-a-cloud-relay https://codnamacs.com/blog/secure-mac-remote-access-without-a-cloud-relay Fri, 05 Jun 2026 12:00:00 GMT Self-Hosted Access Cloud relays are convenient, but they also move trust away from the Mac you own. A self-hosted path keeps the connection model under your control. https://codnamacs.com/blog/vnc-over-ssh-on-macos-practical-guide https://codnamacs.com/blog/vnc-over-ssh-on-macos-practical-guide Fri, 05 Jun 2026 12:00:00 GMT Guides VNC over SSH gives macOS Screen Sharing a stronger outer layer: key-based access first, screen access second. https://codnamacs.com/blog/why-the-vnc-address-stays-localhost https://codnamacs.com/blog/why-the-vnc-address-stays-localhost Fri, 05 Jun 2026 12:00:00 GMT VNC Lockdown When VNC is protected behind SSH, localhost is not a placeholder. It is the address that keeps the screen service behind the tunnel. https://codnamacs.com/blog/apple-screen-sharing-is-useful-what-it-still-leaves-to-you https://codnamacs.com/blog/apple-screen-sharing-is-useful-what-it-still-leaves-to-you Fri, 05 Jun 2026 12:00:00 GMT macOS Security Apple gives macOS users Screen Sharing and OpenSSH, but secure, shareable, auditable access still needs a model around those parts. https://codnamacs.com/blog/connect-to-a-mac-from-windows-with-tightvnc-over-ssh https://codnamacs.com/blog/connect-to-a-mac-from-windows-with-tightvnc-over-ssh Fri, 05 Jun 2026 12:00:00 GMT Windows Guides TightVNC can be part of a secure Mac remote-access workflow when the VNC session travels through an SSH tunnel instead of reaching port 5900 directly. https://codnamacs.com/blog/mobaxterm-to-mac-screen-sharing-over-ssh https://codnamacs.com/blog/mobaxterm-to-mac-screen-sharing-over-ssh Fri, 05 Jun 2026 12:00:00 GMT Windows Guides MobaXterm can connect to a Mac screen through SSH when the tunnel and the VNC target are kept separate. https://codnamacs.com/blog/ssh-hardening-for-mac-remote-access https://codnamacs.com/blog/ssh-hardening-for-mac-remote-access Fri, 05 Jun 2026 12:00:00 GMT SSH Hardening A Mac remote-access gateway should treat SSH as a carefully managed entry point: keys, ports, bindings, login policy, timeouts, and cleanup all matter. https://codnamacs.com/blog/post-quantum-ready-ssh-ml-kem-hybrid-explained https://codnamacs.com/blog/post-quantum-ready-ssh-ml-kem-hybrid-explained Fri, 05 Jun 2026 12:00:00 GMT Cryptography Post-quantum-ready SSH is not a magic shield. It is a practical way to use hybrid key exchange when the installed SSH stack supports it. https://codnamacs.com/blog/cloud-remote-desktop-vs-self-hosted-mac-remote-access https://codnamacs.com/blog/cloud-remote-desktop-vs-self-hosted-mac-remote-access Fri, 05 Jun 2026 12:00:00 GMT Comparisons Cloud remote desktop and self-hosted Mac access solve different problems. The right choice depends on control, convenience, compliance, and who owns the path.