reader9274 4 days ago

Just tested it and it works flawlessly!

1. Enable: General > Sharing > Remote Management

2. After reboot, when trying to SSH you get this message:

"This system is locked. To unlock it, use a local account name and password. Once successfully unlocked, you will be able to connect normally."

3. Once you successfully ssh, the ssh connection is closed, and this message is shown:

"System successfully unlocked. You may now use SSH to authenticate normally."

4. You have to re-ssh and you're in!

kylehotchkiss 3 days ago

If you had it on prior to the macOS update with FileVault off, macOS automatically enabled FileVault and didn't flip the switch with SSH to support this.

So now I have a Mac mini that I have to unmount and connect to a screen to get working again. blerg

nazarewk 3 days ago

I actually turned it on after the update with General > Sharing > Remote Login.

It's worth noting I had to disable and re-enable (I had it enabled to begin with) this option for SSH to start working.

The Remote Management option didn't change anything for me and is currently turned off.

reader9274 a day ago

Ah, I use Remote Management because I also do screen sharing on this Mac mini from time to time.

SXX 4 days ago

One question for you or anyone who has tried it: is the SSH host (Mac) key pre-disk-unlock randomly generated and persistent?

lxgr 4 days ago

I'd be surprised if it were a different key from the regular host key.

Most SSH clients I know show a big and often non-overridable warning in case of a changed host key and don't allow (at least not TOFU-style) trusting two keys.

SXX 4 days ago

> Most SSH clients I know show a big and often non-overridable warning in case of a changed host key and don't allow (at least not TOFU-style) trusting two keys.

You can solve this with HostKeyAlias, but yeah I doubt Apple would do this. Considering other comments mentioning "just SSHing after reboot" it's certainly the same host key.

https://stackoverflow.com/questions/733753/how-to-handle-ssh-host-key-verification-with-2-different-hosts-on-the-same-but

PS: Another option is obviously UserKnownHostsFile, but I would rather keep a single known hosts file.

lxgr 4 days ago

Wow, TIL about HostKeyAlias and CheckHostIP. Especially the latter sounds super useful when it comes to frequently changing private IPs. Thank you!
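
The HostKeyAlias and CheckHostIP options mentioned in this subthread, as an added ssh_config example that is not from any commenter. It covers the general case of one address that answers with two different host keys at different times (the thread expects macOS to keep the same key); the entry names, address and user are hypothetical.

```sshconfig
# ~/.ssh/config (constructed example; names, address and user are hypothetical)

# First server that answers on this address.
Host box-a
    HostName 192.0.2.10
    User admin
    # Store and look up the host key in known_hosts under "box-a"
    # instead of under 192.0.2.10, so it cannot collide with box-b.
    HostKeyAlias box-a
    # Skip the extra per-IP known_hosts check, which would otherwise
    # warn when the same IP shows a second key.
    # (Already the default since OpenSSH 8.5; set explicitly for older clients.)
    CheckHostIP no
    # Prompt on first use, refuse to connect if the pinned key ever changes.
    StrictHostKeyChecking ask

# Second server reachable at the same address, pinned separately.
Host box-b
    HostName 192.0.2.10
    User admin
    HostKeyAlias box-b
    CheckHostIP no
    StrictHostKeyChecking ask

# Result in the single ~/.ssh/known_hosts file: one line keyed "box-a"
# and one keyed "box-b", each with its own public key. A key mismatch
# under either alias still fails verification, so TOFU pinning is kept
# per alias rather than disabled.
```

Connecting with `ssh box-a` or `ssh box-b` selects which pinned key the server is checked against, without a second known hosts file.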