sshd-keygen-wrapper

Hi everyone,

Running macOS Ventura 13.4.1 on a new Mac Studio M1 Max 32 GB. While I am aware of what sshd-keygen-wrapper is and what it is used for, my concern is that this showed up in my Full Disk Access list already armed, and I do not now, nor have I ever, accessed this or any other Mac I owned remotely. Obviously this is a wrapper that only activates when you access your Mac remotely, and I have had issues with another Mac previously where my Wi-Fi was hacked and was being DDoS flooded from Mac headquarters itself, if the reverse IP lookup is to be trusted, but I have since replaced routers, modems, and passwords, and no longer use Wi-Fi; it is hardwired into the network. Knowing what we know about key gen wrapper, should this be a concern? I have unchecked Full Disk Access for this program, but it looks like "Terminal" showed up at or around the same time on this list, but I have given Terminal Full Disk Access, because, well, it's Terminal. Everyone keeps saying that Macs are immune to viruses and intrusion, but I personally know this to be a false sense of security. Nothing is "unhackable".

Do I have an issue on my hands? If so, what should I do about it?


Thanks

Mac Studio (2022)

Posted on Jul 8, 2023 12:22 AM

7 replies

Oct 9, 2023 11:10 AM in response to rsblanchard

rsblanchard wrote:

It was used by older incantations of Micromat's TechTool-Pro [v18.0.3] on Ventura -- apparently it was/is a hack by Apple to allow private entries, in the Keychain, where Apple's increased security wouldn't ordinarily allow it, according to internet sources.


Okay, y’all made me dredge up an old reply of mine. Here you go:


The sshd-keygen-wrapper tool is an ssh secure shell key generator that is part of macOS, and is used when initially connecting to a Mac remotely via ssh.

If you've enabled ssh remote access via System Preferences > Sharing, then this'd be a pretty typical tool to be used as part of that.

Here's the entirety of the bash shell source code of the tool:
https://opensource.apple.com/source/OpenSSH/OpenSSH-95/sshd-keygen-wrapper.auto.html


Basically, the tool creates several SSH-related keys to uniquely identify your particular Mac to folks connecting into it via ssh. This is a central part of enabling ssh remote access into any system with an ssh server.

If you're concerned about folks causing shenanigans, then avoid installing add-on cleaners or add-on security tools—those can be less effective and more problematic than any of us might like, can create vulnerabilities, and can sometimes cause slowdowns, crashes and hangs—and do ensure that you have complete and current backups, and particularly have at least some backups that are rotated away from your computer, or otherwise disconnected from your computer. There are certainly other recommendations here too, but these backups are your path to data recovery from loss or theft or breach or damage.


This tool creates the host keys needed for ssh, if those host keys are not already created and present.


ssh host keys uniquely identify the host to ssh clients, but do not themselves grant access into the host.


PS: JAMF, among others, is aware of this tool.
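
As an added example (not part of the reply above, and not Apple's wrapper script), this Python script reports which ssh host public keys exist on a machine and computes the SHA256 fingerprint an ssh client displays for each, which shows that a host key is a public identifier rather than a credential. The `/etc/ssh` directory, the `ssh_host_<type>_key.pub` file names and the three key types are assumed OpenSSH defaults, and the sample key is constructed.

```python
import base64
import hashlib
import struct
from pathlib import Path

# Assumption: the host key types and file names OpenSSH uses by default.
KEY_TYPES = ("rsa", "ecdsa", "ed25519")

def fingerprint(pub_line: str) -> str:
    """Return the SHA256 fingerprint of one OpenSSH public key line,
    in the same form `ssh-keygen -l` prints (unpadded base64)."""
    algo, blob_b64 = pub_line.split()[:2]
    blob = base64.b64decode(blob_b64, validate=True)
    # The blob starts with a length-prefixed algorithm name; it must
    # agree with the algorithm named in the text field of the line.
    (name_len,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + name_len].decode("ascii", "replace") != algo:
        raise ValueError("algorithm name does not match key blob")
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def host_key_report(ssh_dir="/etc/ssh"):
    """Map each host key type to its fingerprint, or None when no
    public key file of that type is present in ssh_dir."""
    report = {}
    for ktype in KEY_TYPES:
        pub = Path(ssh_dir) / f"ssh_host_{ktype}_key.pub"
        report[ktype] = fingerprint(pub.read_text()) if pub.is_file() else None
    return report

def constructed_ed25519_line() -> str:
    """Constructed sample: 32 fixed bytes standing in for a real public key."""
    name, key = b"ssh-ed25519", bytes(range(32))
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", len(key)) + key
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " constructed-sample"

if __name__ == "__main__":
    for ktype, fp in host_key_report().items():
        print(f"{ktype:8} {fp or 'no host key present'}")
```

A fingerprint printed here is the value an ssh client shows when it first connects to the host; a type listed as not present has no public key file in that directory.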
