Encrypt network data in Remote Desktop
You can control the level of security when using Remote Desktop with Mac computers. Depending on the version of the Mac running Remote Desktop and the versions of the Mac client computers, the encryption varies.
macOS version running Remote Desktop | macOS client version | Authentication | Control and Observe | Copy items or install package | All other tasks |
|---|---|---|---|---|---|
macOS 13 | macOS 13 | 2048-bit RSA host keys | 2048-bit RSA host keys | 2048-bit RSA host keys to authenticate, then 128-bit AES | 2048-bit RSA host keys |
macOS 13 | macOS 10.12 | Secure Remote Password (SRP) protocol for local only. Diffie-Hellman (DH) if bound to LDAP or macOS server is version 10.11 or earlier | SRP or DH,128-bit AES | SRP or DH to authenticate, then 128-bit AES | 2048-bit RSA host keys |
macOS 11 to macOS 12 | macOS 10.12 to macOS 13 | Secure Remote Password (SRP) protocol for local only, Diffie-Hellman if bound to LDAP | SRP or DH 1024-bit, 128-bit AES | 2048-bit RSA host keys macOS 13 to macOS 10.13 | 2048-bit RSA host keys macOS 10.13 or later |
macOS 11 to macOS 12 | OS X 10.11 or earlier | DH 1024-bit | DH 1024-bit, 128-bit AES | Diffie-Hellman Key agreement protocol with a 512-bit prime | Diffie-Hellman Key agreement protocol with a 512-bit prime |
When using Copy Items or Install Packages, encryption isn’t enabled by default. You need to enable it for each Copy task, or globally in Remote Desktop preferences. Even installer package files can be intercepted if they’re not encrypted. Alternatively, you could encrypt the file archive before copying it.
Important: If you use Remote Desktop to control a computer running non-Apple VNC software, nothing is encrypted.
Encrypt all file transfers by default
You can encrypt all file transfers by default.
In Remote Desktop
, choose Remote Desktop > Preferences, then select Security.Check “Encrypt network data when using Copy Items” or “Encrypt network data when using Install Packages.”
Encrypt a single file transfer
You can encrypt a single file transfer without making that the default setting.
In Remote Desktop
, in the Copy Items task or Install Packages task configuration window, select “Encrypt network data.”