This bit has been haunting me for a while. It seems every time I have only one piece of the puzzle and so I finally decided to sit down, figure it out and write it down for future generations. :)

So, here's our scenario: you're at the office behind a PC. Somewhere on the far side of the Net you have a Mac running SSH. You want to run some graphical app on the Mac. You've heard of kickstart:

cd /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources
sudo -s
./kickstart --help

From the examples we can string together a command to enable Apple Remote Desktop (not of much use, but bear with me…)

./kickstart -configure -access -on -privs -all -users username
./kickstart -restart -agent -console

That'll give full ARD access to user “username”. OK, but what about VNC?

./kickstart -configure -clientopts -setvnclegacy -vnclegacy yes
./kickstart -configure -clientopts -setvncpw -vncpw mypass

… and nothing happens. Try restarting the server - still nothing. The VNC server will not run until you've also enabled the ARD startup item:

./kickstart -configure -activate
./kickstart -restart -agent

And with 10.4.10 that's all you should have to do (assuming your firewall is configured correctly). It seems to me that before 10.4.10 there was a bug in ./kickstart which didn't XOR-encode -vncpw and thus resulted in an “authType 30” error, even though the actual code to do the encoding was in kickstart.

And then you can also set up the SSH tunnel:

ssh -L 5900:0.0.0.0:5900 remoteip