Summary
This post details how I got a remote Mac (but one still on my internal network) to execute Keyboard Maestro macros and commands on my main Mac—but to do so without using any of the obvious methods (remote trigger, folder trigger, or web server). I wanted a very reliable solution with a minimum of overhead.
The details of what I came up with are probably of interest to maybe two people total, but it may save those two some time when they go hunting for solutions. If you're not one of those two people, though, this may not be the most thrilling topic.
The tldr; version is this: Use ssh
, set up for passwordless access, to send a shell command that contains a Keyboard Maestro AppleScript to the other Mac. Read on for lots of details.
Background
Our company's cart provider doesn't have a way for customers to get new download links for their license files. As such, they have to ask me, and I then have to find their order information in the system, and navigate the cart provider's site to send the new download link. This isn't hard, but it does take anywhere from 30 seconds to two minutes per order, depending on how much digging I have to do to find the customer. And as I hate leaving customers with unlicensed apps, I prioritize these support requests when they come in. Still, it sucks for our users that aren't in time zones near me, as they face a multiple hour delay before they can re-license their apps.
With the help of a Keyboard Maestro macro that does the button clicking (and PHP, Mail, AppleScript, and Mail rules to get to the macro!), we managed to automate this task using an old laptop I had here. A customer visits our license download page, enters their email address, and the old laptop then does the work I used to do by hand. We went live a few days ago, and it's been working great, handling things without my involvement.
I didn't want to keep this robotic assistant Mac in my office, though, as there's limited room. But if it weren't here, it needed to be foolproof, since I wouldn't be able to watch it work. And while the macro works very well, it does rely on two "pause until image found" actions that I couldn't avoid using (the web site isn't automation-friendly in any way). One day, the macro got stuck on one of those actions, even though the image was plainly visible onscreen. So much for foolproof.
I rewrote the two image checking sections of the macro so they'd time out within two seconds if the image wasn't found, and log the order number that failed to a file, so I could handle it later. This prevented the macro from hanging, but it meant there would be orders I needed to manually process.
So I needed a way for the older laptop to tell my main Mac if it encountered this problem, given the robotic Mac would be out of my sight and reach.
The Possible Solutions
I considered each of the built-in solutions I was aware of for doing this, but ruled each out for various reasons:
• Remote trigger: There are some security and reliability issues noted in the wiki, and it seemed unnecessary to get the internet involved in this simple task.
• Keyboard Maestro web server: This seemed like overkill for my needs, which was to run a single macro once if a failure occurred. So far, the failures have been very rare (less than one percent), so it seemed like a waste of resources to use the web server.
• Folder trigger: Watching a folder visible to both Macs seemed feasible, but it would fail if I didn't remount the shared folder on a given Mac after a reboot or whatever. I was also concerned about network lag and how that might affect the folder watcher.
So after ruling out the three obvious choices, what was left?
The Chosen Solution
In the end, what I wound up doing was using ssh on the older Mac. ssh
can be used to create a secure shell connection between two machines, and I typically use it for remote login. But it can also be used to securely send shell commands to another machine, and that's the capability I used.
This is the command that runs on the robotic Mac: It sends an "enable macro group" AppleScript command to my main Mac, which then runs the AppleScript as if I'd done so on the machine myself:
ssh user@1.2.3.4 "osascript -e 'tell application \"Keyboard Maestro\" to set enabled of macro group id \"1DD1F111-9BCC-45D6-9A01-123FF7D7E13F\" to true'"
The macro group (as referenced by the fake UUID in the above command) is very simple, consisting of one one-action macro, and all that macro does is disable the macro group. When enabled, though, the macro group itself puts an "SOS" icon in the menu bar; I chose something that really stands out, so I won't miss it if/when it happens:
After being alerted to the problem, I can check the order and send it manually to the customer. Once done, I just click the menu bar icon to run the disabling macro...
...and the menu bar icon vanishes.
There's more power here…
You're not restricted to just enabling a macro group, obviously. Because you're just sending AppleScript, anything Keyboard Maestro can do via AppleScript can be done via the remote ssh
command. As an example, here's how to directly execute a macro:
ssh user@1.2.3.4 "osascript -e 'tell application \"Keyboard Maestro Engine\" to do script \"A1B2C3D4-5678-9ABC-DEF0-1234567890AB\"'"
For more-complex AppleScripts, you'd probably want to use a here document for easier reading, though I haven't tested that. But basically, anything you can do on your main Mac with Keyboard Maestro's AppleScript support, you should be able to make happen from the remote Mac using ssh
.
Integration into a macro
Here's the bit of my macro (with the image and some text blanked out) that runs if the image finding step fails, so you can see how it all fits together:
(That's a slightly wrong screenshot; the ssh
action is set to ignore results now, not display in window—no need to see them on a Mac I'm not looking at!)
The Pause Until has a two-second timeout, and is set to not notify or cancel the macro if the timeout is exceeded. If the timeout is exceeded, I log the order number to a file, then run the command that puts the SOS logo on my main Mac's menu bar, and exit the loop (so the next order can be processed).
In my testing, this has worked very well, though I'm still waiting for the first actual failure to see how it goes in the real world :).
Setup instructions
To make this work seamlessly from a remote (but still local) Mac, there is a bit of setup work involved. First, you (hopefully obviously) need the real IP address (internal network, not public) of the main Mac, as well as your short username on that Mac. The examples here use 1.2.3.4
and user
, which you'll clearly need to change.
You also need to enable Sharing: Remote Login in the main Mac's System Settings, which is what enables ssh
connections.
Finally, to make this work without user involvement, you need to set up something called "passwordless ssh" between the two Macs. This enables the ssh
command to work without requiring you to enter your login password; if you don't set this up, then you'd have to provide a password each time the command was called, which wouldn't work well for an unattended Mac.
Note that enabling up passwordless ssh
is is something of a security hole. Anyone who gets to my older laptop Mac can connect to my main Mac via ssh
—assuming they can find my username and the IP address of my main Mac—without using a password.
But if someone has access to that Mac, they've either penetrated my network (so they'd have access to the main Mac anyway) or they're in my home (where they'd also have access to the main Mac). The passwordless connection can't be used outside the local network, so it's not an entry point for remote attacks. And given that my laptop won't leave the house, I'm not overly concerned about this risk. But you need to judge your own setup and your comfort level with this risk before proceeding.
There are tons of guides about how to set up passwordless ssh
, but this one is one of the most-succinct I've ever seen: Just run those three commands on the remote Mac, and you'll be able to login to your main Mac using ssh
in the shell without using a password.
Once set up, try a simple command in Terminal on the remote Mac to make sure it's working:
ssh user@1.2.3.4 "osascript -e 'display notification \"Anyone home?\" with title \"Hello world!\"'"
If everything's set up correctly, you'll see a warning on your main Mac about allowing control (I don't remember the specific wording, unfortunately); say yes (only required one time), and you'll see the notification appear. If it does, then you can trigger macros, enable and disable groups, and do other things with the main Mac's Keyboard Maestro setup using the ssh
command with the appropriate bits of AppleScript.
I don't expect I'll be using this method in a ton of other macros, but it was very nice to find a reliable, no-internet-contact required method of doing Keyboard Maestro tasks on my main Mac from a remote (but still local) Mac.
-rob.