
Apple: SSH and FileVault

(keith.github.io)
507 points, submitted by ingve
sugarpimpdorsey (No.45294739)
Maybe stop using Macs as multiuser servers?

Unavailability of FileVault-mounted home directories when not logged in has been the case since Tiger.

I'm curious - if the OpenSSH config files are not available - how do they start sshd? If the system keys are encrypted, how do they accept connections?

There's a surprising lack of detail here.

replies (4): >>45294817, >>45294905, >>45294943, >>45301003
dangus (No.45294905)
I can’t imagine it’s too hard; I think password authentication is the key. Your user password is the same as your FileVault unlock password. I think that there’s a pre-unlock and post-unlock ssh session trick going on. The pre-unlock session just doesn’t have access to anything in the data volume and is able to use the provided password to unlock the data volume.

This would explain why it won’t work with ssh key authentication.

replies (1): >>45295205
angulardragon03 (No.45295205)
Yeah, IIRC they have moved some stuff around that sshd relied on into the pre-boot volume, so it works exactly as you describe.
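The two comments above describe a session that lands before the data volume is unlocked, where `~/.ssh/authorized_keys` is unreachable (so key auth fails) while sshd itself still runs. As an added example that is not part of the thread or of Apple's or OpenSSH's code, the script below lets an administrator classify their own SSH session from what is actually readable: FileVault state (parsed from `fdesetup status`, whose exact output wording is assumed here), whether the user's `authorized_keys` is reachable, and how many sshd host private keys are readable under `/etc/ssh` (the OpenSSH default location; whether Apple relocates them is the thread's unverified claim, so the script only reports what it can read). The functions take their inputs as arguments so they can be exercised with constructed data on any POSIX shell.

```shell
#!/bin/sh
# Added example (not from the HN thread): classify the current SSH session on a
# FileVault Mac by checking what sshd-related material is reachable on disk.
# Assumption: `fdesetup status` prints "FileVault is On." or "FileVault is Off.".

# Map `fdesetup status` text ($1) to on/off/unknown. Takes the text as an
# argument so it can be exercised with constructed output on non-macOS hosts.
parse_fdesetup() {
    case "$1" in
        *"FileVault is On."*)  echo on ;;
        *"FileVault is Off."*) echo off ;;
        *)                     echo unknown ;;
    esac
}

# Report whether the per-user file sshd needs for public-key auth is reachable.
# $1 = home directory. Prints "unlocked" when .ssh/authorized_keys is readable,
# "no-authorized-keys" when the home exists but the file is not readable
# (what a pre-unlock session would see), and "missing" when the home is absent.
home_state() {
    home="$1"
    if [ -r "$home/.ssh/authorized_keys" ]; then
        echo unlocked
    elif [ -d "$home" ]; then
        echo no-authorized-keys
    else
        echo missing
    fi
}

# Count readable sshd host private keys (ssh_host_*_key) under directory $1.
readable_host_keys() {
    n=0
    for k in "$1"/ssh_host_*_key; do
        if [ -r "$k" ]; then
            n=$((n + 1))
        fi
    done
    echo "$n"
}

# Live report for the current session; fdesetup is only invoked when present,
# so the script degrades to "unknown" on hosts without it.
session_report() {
    fv=unknown
    if command -v fdesetup >/dev/null 2>&1; then
        fv=$(parse_fdesetup "$(fdesetup status 2>/dev/null || true)")
    fi
    echo "filevault=$fv home=$(home_state "${HOME:-/nonexistent}") host_keys_readable=$(readable_host_keys /etc/ssh)"
}

session_report
```

Run it from each SSH session: a pre-unlock session is expected to show `home=no-authorized-keys` (or `missing`) while `host_keys_readable` is non-zero, which is the asymmetry the thread discusses; once the data volume is unlocked the same script should report `home=unlocked`.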