I have set up a build server using a Mac Mini with M1 CPU, running OS X 13. Almost all went fine, but I wasn't able to log in via SSH, even though everything was configured correctly. Ping worked, but no SSH and no VNC.

I was pulling a few hairs. Eventually, I drove to the office where the Mac is in the server room, logged in via GUI... And was able to log in via SSH even.

As it turned out, I really need to log in via GUI at least once in order to enable SSH and VNC after each reboot.

This is no solution for a server hidden in a server room.

Can this be changed via some hidden config files in OS X? Or is that because I have FileVault enabled?

1 Answer

Assuming you enabled SSH access in the MacMini's settings via the Settings app in the Share section, and assuming that you are trying to connect over the internet (that you needed to drive to your office), it means that the device has no port forwarding set up in the router in the office.

Here's the flow you want:

  • The Office modem/router to forward port 22 to the MacMini's local IP (which should be reserved in DHCP to prevent issues when the lease expires)
  • MacMini SSH enabled via the Settings app and granted access to your specific user
  • MacMini should wake on LAN if needed (likely more difficult on WiFi) or just not go into full sleep mode
  • From your other machine you call the office public IP on port 22 (or any port you had it receive as your external port)

If your office has a dynamic IP allocation, then you'll have even more issues to solve, because then the office needs to constantly broadcast somewhere what its most recently obtained public IP is.

  • This is not the problem in my case. As mentioned, I can ping the mac and it has a fixed static IP. I can assure that only the ping (ICMP) service is running at that time, other ports are not running. I tested this by doing a port probe from the router where the mac is behind.
    – benjist
    Commented Nov 10, 2022 at 11:20
  • The probe might still mean that the Mac is unreachable if it went into sleep state. You can try something like wakeonlan or, as a one-day test, forbid it to go to sleep at all, to see if it makes a change. I've been using SSH bi-directional on many different iMacs/Minis & MacBooks and always run default settings and only saw the behavior you're naming on MacBooks, when they sometimes fall into a full sleep state and refuse to wake up on a LAN ping (over ethernet). I'm not sure if wake up on LAN via WiFi is supported on Mac hardware.
    – Fëanorson
    Commented Nov 10, 2022 at 12:12
  • I have tried it when rebooting the Mac, the login screen showing, and simultaneously trying to connect from a laptop sitting next to it. I would expect it just the way you say, as I have never run into this issue with my Macs before in this way. I can only make guesses from here: OS X 13 has a bug, it's FileVault (PW required to unlock the disk and run other services than ping), some new security feature for M1 Macs. I'm puzzled also, but I can assure it's not the network or sleep mode. I've also disabled all standby settings as possible.
    – benjist
    Commented Nov 10, 2022 at 16:29
  • I'm sorry to hear this :(. I hope you can find some solution. Knowing Apple it's likely difficult to get any useful help from them. The only thing I can recommend is try to zoom in on every aspect and try to debug every step of the process. I know it's not much to go with; but it might reveal something. Maybe finding another Mini from the Intel era with 13.x as well to see if it's similar. The security chip should still be separate on either Intel or the M ARM era for encryption.
    – Fëanorson
    Commented Nov 11, 2022 at 11:00
  • @benjist You are right, but it is not really a bug per se; it seems to be intentional. Newer Macs are FileVault encrypted by default, and almost all services (including SSH) are not allowed to run prior to preboot authentication. In principle, with software encryption, SSH could be included in the preboot authentication (you can do this with a Linux machine using LUKS encryption and Dropbear SSH), but it does not seem to be configurable in macOS. It may not be possible with a T2 security chip.
    – Bob
    Commented Dec 9, 2022 at 18:00
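
An added example, not part of the original thread: a small probe, run from another machine on the LAN, that separates the three explanations raised above (sleep, port forwarding or filtering, services not started before the first login). The mapping of probe results to causes is an assumption for illustration, and the ICMP result is passed in by the caller rather than measured here.

```python
import socket

# Ports from the question: SSH (Remote Login) and VNC (Screen Sharing).
SERVICES = {"ssh": 22, "vnc": 5900}

def probe(host, port, timeout=2.0):
    """Return 'open', 'refused' or 'filtered' for one TCP port."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"   # host replied with RST: nothing is listening
    except OSError:
        return "filtered"  # timeout or unreachable: no reply at all

def classify(ping_ok, states):
    """Map probe results onto the explanations discussed in the thread.

    ping_ok: whether the host answered ICMP echo (measured separately).
    states:  dict of service name -> result of probe().
    The wording of each verdict is an assumption, not a macOS guarantee.
    """
    values = set(states.values())
    if values == {"open"}:
        return "services reachable: daemons are running"
    if not ping_ok:
        return "host silent: check power, sleep state and routing"
    if values == {"refused"}:
        return "host up, nothing listening: daemons not started yet"
    if values == {"filtered"}:
        return "host up, no reply on ports: firewall or port forwarding"
    return "mixed results: inspect each service separately"

def check(host, ping_ok, services=SERVICES):
    """Probe every service on host and return (states, verdict)."""
    states = {name: probe(host, port) for name, port in services.items()}
    return states, classify(ping_ok, states)

if __name__ == "__main__":
    # 'buildserver.example' is a placeholder hostname.
    print(check("buildserver.example", ping_ok=True))
```

Running it once right after a reboot and again after the first GUI login shows whether the ports move from not listening to open, which is the behaviour the question describes.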
