Apple: SSH and FileVault

(keith.github.io)

507 points ingve | 4 comments | 18 Sep 25 20:15 UTC | HN request time: 0.62s | source

Show context

georgeburdell ◴[18 Sep 25 21:42 UTC] No.45295378[source]▶

Biggest change for corporate non-personal Mac usage. Mac Minis are actually fairly good value and good quality for miscellaneous automation purposes. We started switching over to them at work, and the FileVault issue described here was actually one of the big things holding us back.

replies(1): >>45297133 #

TheTaytay ◴[19 Sep 25 01:50 UTC] No.45297133[source]▶

>>45295378 #

Ive been curious about using some Macs for general purpose servers. Is there anything else you do to make them easier to administrate as servers? Are you running Mac-specific stuff on them or more general purpose Linux containerized stuff?

replies(2): >>45297957 #>>45299480 #

mrtesthah ◴[19 Sep 25 04:30 UTC] No.45297957[source]▶

>>45297133 #

Macs make terrible servers. I’ve had to manage various on-premises Mac servers for the last 15-20 years and every year Apple breaks something extremely basic and obvious with no reasonable workaround. Especially these days with locking down all the administrative functions such that only a local admin user (with a SecureToken!) clicking a button in the GUI with a physically attached mouse/keyboard can enable them.

replies(2): >>45299574 #>>45305434 #

1. leakycap ◴[19 Sep 25 09:11 UTC] No.45299574[source]▶

>>45297957 #

I'd rather know how a mac server is to run today than how it was over the last 15-20 years. Seems things are getting better now, especially with this ssh news.

Security is rarely convenient. Since the early OS X days, Apple seems to be willing to do things the more secure way even if it's a bit of a hassle. Seems to be paying off for them.

replies(2): >>45303813 #>>45304036 #

2. trollbridge ◴[19 Sep 25 16:52 UTC] No.45303813[source]▶

>>45299574 (TP) #

It’s a lot harder than it used to be. You basically need to ensure you have a remote KVM, or else have access to smart hands every few months to press a button.

replies(1): >>45310192 #

3. mrtesthah ◴[19 Sep 25 17:12 UTC] No.45304036[source]▶

>>45299574 (TP) #

the point is that the “security” changes apple has been making are not broadly beneficial to the server use case and seem designed for single-user systems with no consideration for remote management/access.

This is the same reason why Apple has lost the education market to Chromebooks.

4. leakycap ◴[20 Sep 25 03:53 UTC] No.45310192[source]▶

>>45303813 #

I don't agree that it is harder than it used to be, unless you specifically mean there are a few more dialogs to hop through during install and initial setup which is annoying on recent versions. But you do this once, just like Windows UAP.

Apple sells remote management software* if you don't want to buy your own KVM solution, it's $79.99 but given that there are no per-user limits and it has been continually updated for ~20 years, I'd say it's often overlooked in discussions of remotely managing Macs.

If you want a free solution, Tahoe w/ ssh FileVault unlock makes using a Mac as a server more useful than ever with a non-Apple VNC product of your choice.

* Mac App Store link: https://apps.apple.com/us/app/apple-remote-desktop/id4099073...

↑