Reader G. Murray needs to restart his Mac at times when it’s not within arm’s reach—or even with walking legs’ reach. He’s wondering what options are available with modern Macs. His Mac is located on a network created by a Time Machine, so it has a privately assigned IP address using NAT (Network Address Translation).
Two kinds of options apply here: for when the Mac is still ticking away but isn’t doing what you want, so you want to restart it if only you could connect remotely to it; or when the Mac is unreachable and ostensibly crashed or experiencing other problems, and you want to power cycle it.
Remotely connect to a working Mac
Screen sharing and remote terminal access can both let you control a Mac remotely, but reaching that Mac over the Internet is often the fly in the ointment.
While macOS includes Back to My Mac, which pairs with iCloud to allow remote access to a Mac via the Screen Sharing app, it only works in its regular configuration from another Mac signed into the same iCloud account. Apple offers no guest access from other Macs—though you could set up an account on another Mac temporarily—nor does it have an iOS app.
Instead of Back to My Mac and the Screen Sharing app, you can use the generic screen-sharing protocol VNC. (Just to be more confusing, Apple’s Screen Sharing app is based on VNC, but not identical.) VNC can work over Back to My Mac, but doesn’t always, as it’s not a supported feature. Third-party macOS and iOS apps let you access any VNC-capable system.
Enable screen sharing in the Sharing system preference pane, and click the Computer Settings buttons to turn on VNC. Warning! Always set a strong password for VNC, as it’s easy for attackers to scan for VNC and find yours if it’s reachable from the Internet.
Back to My Mac fails with “double NAT” situations, which I unfortunately have and which aren’t entirely rare. A double NAT happens typically when an ISP provides a modem that also acts as a router, and which has features you can’t replicate or turn off. If you connect, say, an AirPort Extreme with DHCP and NAT enabled to a LAN port on the ISP’s modem, you’re creating a NAT inside a NAT. All outbound connections work fine, but inbound ones can be a mess. (In my case, the provided modem has some obscure networking features used by CenturyLink’s fiber-optic network.)
Instead of relying on macOS, you can turn to third-party remote access software, although my favorites have faded away and left active development, while ones that used to have free or affordable flavors have gone commercial and expensive.
TeamViewer remains the exception, being still continuously developed and free for personal, non-commercial use. It can punch through a double NAT, and it’s my preferred tool as if works on practically every platform, including macOS and iOS. The company charges a pretty hefty rate if you’re using it for business purposes, starting at $850 for a perpetual license for remotely accessing up to three devices. For business users without big budgets, I recommend LogMeIn, which is $250 a year for two devices.
Chris Breen’s 2012 directions on using SSH to reboot or shutdown a Mac via a Terminal session remain accurate, so I refer you there. But creating a remote Terminal session via SSH, a secure protocol that’s trustworthy over the Internet, requires setting up port mapping on a router or Wi-Fi base station using DHCP reservation (so your Mac has the same private IP address all the time) and NAT port forwarding (so an Internet-reachable network cubbyhole maps to the Mac you want it to).
Unfortunately, Apple no longer offers a detailed guide to AirPort configuration as it did years ago. I’m reluctant to toot my own horn, but if you really need to set up this kind of remote access for SSH or other services, you’ll find complete instructions on this topic in my book, Take Control of Your Apple Wi-Fi Network.
Remotely powercycle your Mac
Now long ago, my friends, I owned a surge protector powerstrip from Sophisticated Circuits (the PowerKey line) that had a dial-up modem built in. You could call into a phone line and it would let you use a touch-tone phone to control powercycling individual outlets, among other features. In the days of running Mac and other servers that needed “remote hands,” the several PowerKey models I owned saved a lot of late-night car trips to offices.
But we have the Internet now, and you can purchase the same kind of item that works over IP instead of a voice line. Unfortunately, these devices tend to cost a lot, but they’re designed to be robust and connect via ethernet to increase reliability. The $76 ezOutlet single-outlet remote power switch has generally positive reviews, and can be controlled via an iOS or Android app.
Another option would be to set up HomeKit with remote access, and use a HomeKit-compatible smart outlet. You can find a number of such items, including the roughly $40 iHome SmartPlug, reviewed at TechHive. But remote access requires either a 3rd or 4th generation Apple TV. If you don’t own an Apple TV, that bumps up the total cost quite a bit.
Ask Mac 911
We’ve compiled a list of the questions we get asked most frequently along with answers and links to columns: read our super FAQ to see if your question is covered. If not, we’re always looking for new problems to solve! Email yours to firstname.lastname@example.org including screen captures as appropriate. Mac 911 can’t reply to—nor publish an answer to—every question, and we don’t provide direct troubleshooting advice.