Table of Contents
SSH also known as Secure Socket Shell or Secure Shell – is a secure network protocol that allows users, especially system admins, to securely access remote devices.
All Macs have a bundled SSH server that is disabled by default but can be turned on at any time if you’d like to grant remote command line access to a machine.
Enable the SSH Server on a Mac with MacOS Ventura 13 or Newer
Turning on the macOS SSH server is done through a settings adjustment in the latest versions of MacOS system software:
1. Pull down the Apple menu and go to System Settings.
2. Open the General preference in the left panel then select Sharing from the right side.
3. Toggle the switch for Remote Login to turn on the SSH server on the Mac.
4. Optionally but recommended, select the checkbox Allow full disk access for remote users. The SSH server starts immediately, and the Mac is able to receive inbound SSH connections.
Enable the SSH Server on a Mac with MacOS Monterey or Earlier
1. Click on the Apple icon in the top-left corner of your screen and select System Preferences.
2. In the System Preferences window, select Sharing.
3. Check the box for Remote Login to turn on the SSH server on the Mac.
4. The SSH server has started, you’re free to connect to the Mac using any SSH client.
You can connect to the Mac with any SSH client from any operating system, whether it’s another Mac with Terminal, Windows PC with PuTTY, Linux with a terminal, iPhone or Android with an SSH app, Android with an SSH app, or anything else with an SSH client.
Connecting to the Mac via SSH
Once you enable Remote Login, pay attention to the text underneath it to see what the IP address is of that Mac. Helpfully, it even provides the command line syntax to use in the Terminal application to initiate the remote SSH connection: ssh username@IP-address. For example, if the IP is 172.16.150.176 and the username is “bonben” the command would look like:
PS C:\Windows\system32> ssh [email protected]
The authenticity of host '172.16.150.176 (172.16.150.176)' can't be established.
ECDSA key fingerprint is SHA256:tL6VPIctgazn41IhImx3pBwAQ6iO2C1A2Kq0mrYlqPY.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '172.16.150.176' (ECDSA) to the list of known hosts.
Password:
Last login: Sat Nov 19 16:37:42 2022
bonben@Killer ~ % ls
Applications Library Public
Desktop Movies Virtual Machines.localized
Documents Music
Downloads Pictures
