Thank you so very much for your detailed answer (and @nlippman too – would very much like to see your script)!
I should be able to set up my router – my Synology conveniently includes a dynDNS-like service, but I used to have one back in the day so I just have to set this up at some point. Thanks!
Actually I’m stuck at something much more basic, and my tests have failed so far on the local network before I take this to the next step, but maybe I’m doing something wrong.
Here is the issue I’ve been running in: I start my Mac (which ends on the login screen), but since no session is started, no helper apps such as Screens Connect run on it, and so I can’t login from another Mac. I haven’t had any luck with the Apple screen sharing app either (it’s stuck at connecting). I get the rationale: since no session is started, no background processes are running and so I can’t connect… but if I can’t login I can’t start those processes 
Catch-22.
If I run a Mac mini server I want to be able to reboot it remotely and log back in even from abroad, or even simply restart it and log in in the event of a power cut.
Is it possible? Can the Apple Screen Sharing app do that and should I dig deeper in that direction, or do you always need, at some point, to be present at the machine to log in to start the screen sharing processes? Would kind of severely hamper the very idea of having a Mac server… I guess there’s a way otherwise there would not be companies like Macminicolo but so far I haven’t found it… I have a hunch it’s something very simple but I’ve been missing it.
Thanks!
If you want to use Screens Connect then I suspect you are correct that you would have to have a logged in use so Screens Connect is running, but that is not absolutely the case, if Screens Connect uses launchd and launchctl to cause it to run at boot time instead.
I actually don’t use Screens Connect. Instead I have enabled screen sharing in the Sharing preference pane, and also remote login so that I can make the connection via SSH from outside my LAN as well. Provided you know your home IP address (as we have already discussed), then you should be able to connect via Screens without Screens Connect running.
In terms of getting the home IP address, if your router is a Synology, than I would agree the best approach is to use the Synology’s built in DynDNS function. That’s the easiest approach.
I am using the free dynamic DNS service at afraid.org. There are many other options, but this one happened to work fo me and was easy to set up. Once I set up my account and created my dynamic host name (from a list of domains they provide), there is a menu item to click that gave me my specific ID to use to change my DNS table entries as needed.
WIth my dynamic domain address being (for example) foobar.privatedns.org, I can find out the IP address that is currently pointing to with: dig +short foobar.privatedns.org.
I can also get what my actual external IP address is via this trick: dig +short myip.opendns.org @resolver1.opendns.org.
With my update key from afraid.org, the following script does the trick, run every 6 hours by KeyboardMaestro and posting the result (from the echo statement) as a notification.
#!/bin/bash
CURRENTIP=dig +short foobar.privatedns.org
NEWIP=dig +short myip.opendns.com @resolver1.opendns.com
if [[ “$CURRENTIP” != “$NEWIP” ]] ; then
RES=curl -k -s http://freedns.afraid.org/dynamic/update.php?<mykey>
echo “Dynamic IP address changed to ${NEWIP}; result: $RES”
else
echo “IP address stable at $CURRENTIP”
fi
Thank you so very much for the script. It will really help me get all the pieces together!
One very last question if I may – I have to admit I’m a little fuzzy on how to log distantly on Unix systems (such as macOS). I am at a loss on how to reach my theoretical server unless I’m already logged in (and looking online has not helped, probably because it’s a basic question).
Am I right in assuming that the Apple Screen Sharing app works even from login?
A simpler and more universal way to do this – if I was to reboot my server from, say, a screen sharing session from afar, I would then have to login again but I’m in this catch-22 situation we talked about. If I then login via SSH, is it enough to start my session on the Mac, so that I can launch whatever helper app I need (such as Screens connect or whatever else?)
Thanks a lot ! 
A couple of things:
Firstly, the script I posted has an error in it as the discussion board system seems to have removed the backtick character (the unshifted ~ key) that should surround all of the commands, eg, dig +short … and so forth. If you wish to use the script I will have to figure out how to make those backticks appear properly so that you can use the script.
In terms of remote login, there are a variety of ways to accomplish that. You can certainly log in via SSH at the command line, and that will work regardless of whether there is a user logged in locally or not.
You can also use a Remote Desktop protocol, such as VNC, which is what is used by Apple Remote Desktop and the Screens app, which is very popular. You can also use the apple Remote Desktop program which is very well hidden within a Framework folder. I would have to google to find out where it is since I have switched to Screens.
I don’t know what happens if you do a remote session without a logged in user - I suspect it will show you the login screen and you can then log in.
1 Like
Since I run a VPN server at home, I access my local computers remotely by VPN access to my home network and then using Screen Sharing (aka VNC). However if I just want to move files I use ssh. The router port forwards the ssh and vpn ports to my server computer. I’ve found that “bad actors” regularly would bang on the ssh port to the extent that it would frequently take down the ssh server, so I moved it to another port. Security through obscurity but it did get rid of all the automated break in attempts.
FYI if you want to be able to remotely reboot the computer you must not enable Firevault 2. That places the login prompt at bootup before any services (such as VPN, VNC, or SSH) are running, so no remote access at all!
Why don’t you get the best of both worlds? Get a Drobo DAS (eg Drobo 5D or 8D) and plug it into you Mac Mini? You get the redundancy and storage management benefits of Drobo, and you get all of the benefits Mac Mini as well.
I’m currently using Mac Mini and Synology together, but I plan on replacing the Synology with a Drobo DAS once I’m ready to take the hit in my pocketbook. I have around 30TB and no place to copy it to temporarily to migrate data from one to the other.
Ideally I could
- rent a large storage device
- copy data to it from Synology
- move the drives to the Drobo
- create a new volume on the Drobo
- copy data from temp store to Drobo
- return the temp storage
But I haven’t found anywhere or anyone to get temp storage from.
Anyway, I’d try to the “why not both” setup. I think you’ll like it.
This is what I use with my Mac mini. I think you have to trick it into thinking a display is attached. I bought CompuLab 4K Display Emulator (fit-Headless 4K) for this purpose and it works.
I can power on my Mac Mini and log into using the remote connection icon in Finder. You are correct in that it’s the VNC protocol. You can also ssh into it, and from there set up SSH tunnel and use XWindows if you want to go that route.