How to change the default screen sharing / VNC port number on Mac OS X?
Is there any way to change it from the default 5900 to some other port?
You actually can switch the default port for Apple's VNC server on Mac OS 10.7 Lion and 10.8 Mountain Lion. To change the port, you need to edit the server's plist file /System/Library/LaunchDaemons/com.apple.screensharing.plist (this file doesn't exist in systems prior to 10.7 Lion).
Editing the file requires root (sudo) privileges. In the terminal, if you are familiar with vi or vim, you can type:
sudo vim /System/Library/LaunchDaemons/com.apple.screensharing.plist
or if you're not, you'd better use nano:
sudo nano /System/Library/LaunchDaemons/com.apple.screensharing.plist
Now, all you have to do is change line 34 (the one that reads <string>vnc-server</string>) to <string>nnnn</string> where nnnn is the port number you wish to use. I know it seems weird changing a name like "vnc-server" to a number, but that's the way you have to do it. I've included an example below in case anything's not clear.
To change the default port to 54321, you would edit the plist file to look like this:
...
<key>Sockets</key>
<dict>
<key>Listener</key>
<dict>
<key>Bonjour</key>
<string>rfb</string>
<key>SockServiceName</key>
<string>54321</string> <!-- Change this line! -->
</dict>
</dict>
<key>UserName</key>
<string>root</string>
<key>SHAuthorizationRight</key>
<string>system.preferences</string>
</dict>
</plist>
After saving the file, to make the change take effect, turn Screen Sharing off and then on again in the Sharing preference pane, or alternatively unload and re-load the service using these commands:
sudo launchctl unload /System/Library/LaunchDaemons/com.apple.screensharing.plist
sudo launchctl load /System/Library/LaunchDaemons/com.apple.screensharing.plist
I can confirm after finding this thread via Google that editing /etc/services for the "rfb" ports will change the included VNC server's listening ports.
I edited the file and rebooted (usually I'd try restarting services or unloading the launchdeamon but I was having some other issues as well and didn't bother). iTeleport on my iPad then failed to connect on 5900 and succeeded on the high unprivileged port I chose.
This has been discussed on various forums at apple.com and on macosxhints.com. The short answer is "you can't change it".
The longer answers suggest ways around it -- three possibilities:
- Use alternate VNC server software
- Use an ssh tunnel to redirect traffic from your custom port to 5900
- Configure port mapping in your router to take incoming traffic on a different port to go to port 5900 on your mac.
Based on the info provided by Greg in this thread I wrote a bash script that will automate the process of changing your system's VNC listening port. Works well in my tests. Let me know if anyone has any issues with it.
#!/bin/sh
#Created by Will D. on 04/10/2015
#If you find it useful (or have suggestions, feedback, etc.), shoot me an email at [email protected].
#Requires Mac OS 10.7.x or later (tested up to and including 10.10.3)
#02/02/2016 - Updated Script to alert for SIP status
#Setting Static Variables
sourcepath="/System/Library/LaunchDaemons/"
filename="com.apple.screensharing.plist"
port=`less $sourcepath$filename | awk 'f{print $1;f=0} /SockServiceName/ {f=1}' | awk -F "<|>" '{print $3}'`
os_version=`sw_vers -productVersion`
os_version_aug=`sw_vers -productVersion | awk -F "." '{print $1$2}'`
sip_status=`csrutil status | awk '{print $5}'`
#Colors
nc='\033[0m'
light_red='\033[1;31m' #Light Red
yellow='\033[1;33m' #Yellow
clear
#Check the script is being run by root
if [ "$EUID" -ne 0 ];then
printf "${light_red}This Script Must Run As Root${nc}\n"
exit 0
fi
clear
printf ${yellow};echo "---------------------------------------------------------------"
echo "--- ---"
echo "--- This Script Will Change Your Systems VNC Listening Port ---"
echo "--- Hit Ctrl + c to exit at anytime ---"
echo "--- ---"
echo "---------------------------------------------------------------";printf "${nc}\n"
#Check System Version
sleep 1
if [ "${os_version_aug}" -lt "107" ]; then
echo ""
echo "System OS Must Be Greater Than 10.7.x. Aborting Script."
exit 0
else
echo ""
echo "System OS Version is" $os_version
echo "OS Requirement Met √"
echo "--------"
fi
if [ "${os_version_aug}" == "1011" ]; then
if [ "${sip_status}" == "enabled." ]; then
echo ""
printf "${light_red}••• System Integrity Protection is Enabled •••${nc}\n"
echo ""
echo "This script modifies /System/Library/LaunchDaemons/com.apple.screensharing.plist"
echo "Please Disable System Integrity Protection Before Running"
echo ""
exit 0
fi
fi
#Give Feedback on Current Port
sleep 1
if [ "${port}" == "vnc-server" ]; then
echo ""
echo "The System's VNC Port is Currently"
echo "Set to the System Default Port of 5900."
echo "--------"
elif [ "${port}" != "vnc-server" ]; then
echo ""
echo "The System's VNC Port is Currently"
echo "Set to a Non-default Port of" $port"."
echo "--------"
fi
#Updating Port
echo ""
printf "What Port Would You Like VNC to Listen On? "
read newport
echo ""
echo "The Following Action Requires an Admin Password."
echo "Note: Your Password Will Be Visible When You Type It"
echo ""
printf "Admin Password? "
read admin_pass
sleep 1
echo ""
echo "Created" $filename".bak."
sleep 1
echo ""
echo "Updating VNC Port to" $newport"..."
echo $admin_pass | sudo -S sed -i.bak -e "s|$port|$newport|g" $sourcepath$filename
sleep 1
echo "Done"
echo ""
sleep 1
#Restarting screensharing process
echo "Restarting Screen Sharing Service..."
sudo launchctl unload /System/Library/LaunchDaemons/com.apple.screensharing.plist
sudo launchctl load /System/Library/LaunchDaemons/com.apple.screensharing.plist
echo "Done"
sleep 1
echo ""
echo "Your System's VNC Port is Now Set to" $newport"."
echo ""
echo "Update Complete. All Done."
if [ "${os_version_aug}" == "1011" ]; then
echo ""
echo "Since you're running El Capitan"
echo "be sure to re-enable System Integrity Protection"
exit 0
fi
exit 0