Triggering remote Keyboard Maestro via Hazel instead of web trigger

On the last show, Rose talked about using triggering Keyboard Maestro actions on her home Mac Mini via the URL triggers and Shortcuts on her phone. I just wanted to share the alternate method, that I use, that may be safer.

On my Mac, I have Hazel monitoring the iCloud folder “Shortcuts”, which is the default storage folder for Shortcut actions. Each rule looks for a specific filename. If that file is found, it deletes the file and executes an AppleScript. That AppleScript is triggering a Keyboard Maestro Macro.

For example, if Hazel sees a file named LockWorkMacMini.txt, hazel deletes that file. Then the AppleScript triggers a KM Macro that mutes my Mac mini at work, and then locks the computer.

The corresponding Shortcut on my phone is only two actions. The first is a text action that is any text at all. Doesn’t matter what it says. The second is a Document action the saves the text as a file on my iCloud Drive. The destination path is locked to “/Shortcuts/LockWorkMacMini.txt.”

That’s it. The only person who can trigger my Hazel is someone who has write access to my iCloud Drive, and knows what filenames Hazel is looking for.

Hope that helps!

4 Likes

I do like this approach, but every so often when I’m syncing large Dropbox files it will take a long time to trigger - but it’s a good solution for many people!

Rosemary - good point! I do wonder whether the iCloud sync of a small text file would be delayed by a big Dropbox sync. I guess it depends on dropbox bandwidth.

Perhaps this is crazy but couldnt this be done by just copying a piece of text, since iphone & macs clipboard are now shared. You could then get KM to pick-up what is stored in the clipboard and act on that, that should be pretty instant right? So you could have a shortcut with different options and all it does is copying text.

1 Like

Tom-that makes perfect sense, but I’ve never trusted hand off enough. In theory, it should work.

When I am on the road @Richtack @RosemaryOrchard, I use a Siri shortcut via iCloud Drive in the same way.

At home, however, I prefer a Siri shortcut with an SSH action to invoke KM macros.
In this example to login my Mac’s

The admin password remains securely in the macOS keychain and is not stored in the Siri shortcut.
To prevent unauthorized access, I have integrated a push notification into my KM macros via the service “Pushover”.

You should consider creating an SSH identity key for better security that negates the need for a password.

1 Like

How would a notification “prevent” unauthorised access?

1 Like

Alex, thanks for sharing, very interesting. Why do you prefer SSH over the method you use when you’re not at home.

Btw, saw the pushover macro and found in on the KM forums. Handy, thanks!

1 Like

The “SSH action” feels a little faster in the existing network @Richtack :wink:

Did you download this KM plugin from GitHub:

The advantage with this plugin is that you can attach an individual icon or image (under iOS) to the pushover notification besides a URL.

2019-12-28_21-45-48

Here is an example:

I’ve set up with Keyboard Maestro 1Password autofill login’s @sylumer.
If one of the logins is executed, I get immediate notifications via the app Pushover

Here is an example:

  • I unlock the security settings with one mouse click and 1Password is used to insert my admin password immediately

  • A push notification is then sent to all macOS, iOS and Apple Watch devices via pushover.
    Via “open URL” a Siri shortcut (via iCloud Drive) is executed and the Mac is locked and a snapshot is taken via the integrated FaceTime camera.

  • Then I receive another push notification with the image of the unauthorized user on the Mac.
    Via another “open URL” I can then trigger a very loud alarm and if necessary lock the keyboard of the Macs.

The template for my workflow is the app DoNotDisturb, which unfortunately is only available for the MacBook:

Thank you very much for the hint @chri.sk :+1:

The shown workflow is still created under iOS 12. I still have to deal with the setup of the SSH Identity keys.
I haven’t found any instructions on the internet how to connect the key created in the Siri shortcut to the Mac.
I am still very ignorant.

From your example, it sounds like it is providing an option to take action after login. Which would be an event after the login, not preventing the login from taking place. That’s where the confusion was arising for me as you explicitly said “prevent”.

From a security standpoint not allowing someone access vs. alerting you to take action after someone else logs in are of course very different things. For example, all it would take would be for you to be offline (e.g. on a subway, or on a plane) and no action would be taken until much later based on your example.

Any safeguard is better than none, but it is important to understand when and where they take effect.

That is correct @sylumer.

My Macs are connected to Ethernet or Wlan either at home or in the office. In public via my mobile operator’s hotspot or iPhone.

A Keyboard Maestro macro monitors the Internet connection. Should it be disconnected,
then access to the 1Password autofill logins, as well as the most important apps (Bank App, DEVONthink, Mail, System Settings, etc.) would be blocked with password protection.

There is no 100% protection, but you can make it as difficult as possible for unauthorized users.

If I @sylumer as in my example, but someone unauthorized (in the office a colleague) runs a 1Password autofill login on my MacBook (mouse click), I could immediately lock my MacBook with the Siri shortcut and would get the snapshot.

But I can also call up a Siri shortcut, which triggers a shrill alarm and immediately locks the keyboard and mouse inputs of any kind.
So from that point on the unauthorized user can’t do anything with the MacBook anymore.