-
Notifications
You must be signed in to change notification settings - Fork 16
Expand file tree
/
Copy pathapple_ssh_and_filevault.7
More file actions
49 lines (49 loc) · 1.18 KB
/
apple_ssh_and_filevault.7
File metadata and controls
49 lines (49 loc) · 1.18 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
.\" Copyright (c) 2025 Apple Inc. All rights reserved.
.Dd 1 July, 2025
.Dt apple_ssh_and_filevault 7
.Os Darwin
.
.Sh NAME
.Nm apple_ssh_and_filevault
.Nd SSH and FileVault
.Sh DESCRIPTION
When FileVault is enabled,
the data volume is locked and unavailable
during and after booting,
until an account has been authenticated
using a password.
The macOS version of OpenSSH stores
all of its configuration files,
both system-wide and per-account,
in the data volume.
Therefore,
the usually configured
authentication methods
and shell access
are not available
during this time.
However, when Remote Login is enabled,
it is possible to perform password authentication
using SSH
even in this situation.
This can be used to unlock the data volume
remotely over the network.
However,
it does not immediately permit an SSH session.
Instead, once the data volume has been unlocked
using this method,
macOS will disconnect SSH briefly
while it completes mounting the data volume
and starting the remaining services dependent on it.
Thereafter,
SSH
(and other enabled services)
are fully available.
.Pp
.Sh HISTORY
The capability to unlock the data volume
over SSH
appeared in macOS 26 Tahoe.
.Pp
.Sh SEE ALSO
.Xr sshd 8