macOS includes a built-in SSH server (sshd), a VNC server (Screen Sharing), and Bonjour for local hostname resolution โ all built into the OS and disabled by default. Enabling them through System Settings โ Sharing takes under a minute. With proper SSH key authentication, you get secure, passwordless terminal access to your Mac from any computer on your local network.
For access from outside your home network (over the internet), pair this setup with Tailscale (see the Tailscale playbook) โ Tailscale provides the secure tunnel without any router port-forwarding.
What you'll accomplish
Passwordless SSH access to your Mac using an ed25519 key pair (no password prompts), Screen Sharing enabled for full desktop control, and an SSH config file so you can connect with a single word (ssh my-mac) instead of typing the full hostname and username.
What to know before starting
SSH (Secure Shell): An encrypted protocol for terminal access to a remote computer. When you SSH into your Mac, you get a Terminal session running on the Mac, from which you can run any command. The connection is fully encrypted.
SSH key authentication: Instead of typing a password, you prove your identity using a cryptographic keypair. The private key stays on your client machine (never shared). The public key is installed on the server (your Mac). The server encrypts a challenge with your public key โ only someone with the private key can decrypt it. This is both more secure and more convenient than passwords.
mDNS/Bonjour: Apple's zero-configuration local network service. It lets you use `your-mac.local` instead of memorizing an IP address. The `.local` domain is resolved by the mDNS daemon (`mDNSResponder`) on your local network โ it doesn't use the internet.
VNC (Virtual Network Computing): The protocol behind Screen Sharing. It transmits the remote screen as a bitmap image and forwards keyboard/mouse input. Less efficient than SSH but gives you a full desktop GUI.
Port forwarding over SSH: SSH can tunnel other network ports through the encrypted connection. For example, forward your remote Mac's Ollama port to your local machine: `ssh -L 11434:localhost:11434 my-mac` โ then `localhost:11434` on your machine talks to Ollama on the Mac.
Prerequisites
โข macOS (any modern version โ Ventura 13+ for the System Settings UI shown below)
โข Admin access to System Settings
โข A second computer or device for testing (or another Terminal window)
Time & risk
Duration:: 5 minutes
Risk level:: Low โ enables built-in macOS features that are off by default; easily reversed by toggling the same switches off