SSH server not working after upgrade to MacOS High Sierra (11.3)

I finally figured it out after a few days of trial and error.

You need to recreate the _sshd user in Directory Utility ...

The Directory Utility is hard to describe how to get to... Settings > Users & Groups > Click Login Options > Small button that says Network Account Server "Join..." Then a thin dialog opens up and the first of 3 buttons is the open. Then navigate to the third Map icon. And add your _sshd user here. I just copied the settings from another Mac.

It is possible to do it from the command line using dscl. But I couldn't find a way to export the record from one Mac to another...

A big pain in the ...

I'm still using macOS Sierra, but last week I installed (from scratch) High Sierra onto my nephew's MacBook Air.

I didn't see any extra users apart from the two users I created. One admin and one standard user for everyday work.

Apart from being paranoid, I learnt by experience that even though Apple made an excellent job letting the user upgrade, and most of the time everything ends up smoothly, in certain situation is better to do a clean install.

Why?

Simply because the user does not usually stare at the computer screen. He uses it. And using something generally wears it out.

I have the same issue. Driving me mad trying to find a solution.

Holy ***** your the "MAN"... the command line gods bow down to your skills.

Your doing gods work here on earth....

thank you.

I did the same, so I’m sure others will.

My the force be with you.

Thanks. It is very kind of you.

Nothing magical. With the right combination of experience, curiosity, enthusiasm and research everyone can do it 😉

I installed HS on 5 machines and only one had extra users... It's probably a settings thing.

Did you upgrade or clean install?

I usually clean install between major releases. But I'm paranoid by nature 😀

jjennings089 wrote:

The Directory Utility is hard to describe how to get to

Or simply search "Directory Utility" using Spotlight or open in Finder /System/Library/CoreServices/Applications

It is possible to do it from the command line using dscl. But I couldn't find a way to export the record from one Mac to another...

If you have another computer where the user in question exists, exporting its record from the command line issue

dsexport -r _sshd ~/Desktop/sshd.txt /Local/Default dsRecTypeStandard:Users

The output file is an ASCII text file and is placed on the user's Desktop. Copy the file sshd.txt onto the computer where the user is missing. Place it on the Desktop, for the purpose of this example. Open Terminal and issue

dsimport ~/Desktop/sshd.txt /Local/Default I

The final I means ignore the record if it exists. You can use O to overwrite it.

Just in case you don't have another computer, the following two lines are the raw content of the file sshd.txt

0x0A 0x5C 0x3A 0x2C dsRecTypeStandard:Users 8 dsAttrTypeStandard:NFSHomeDirectory dsAttrTypeStandard:GeneratedUID dsAttrTypeStandard:RecordName dsAttrTypeStandard:RealName dsAttrTypeStandard:PrimaryGroupID dsAttrTypeStandard:UniqueID dsAttrTypeStandard:Password dsAttrTypeStandard:UserShell
/var/empty:FFFFEEEE-DDDD-CCCC-BBBB-AAAA0000004B:_sshd,sshd:sshd Privilege separation:75:75:*:/usr/bin/false

this is the hexdump. Each line must be terminated with the Unix new line 0x0a (red highlighted in the code below)

If you want to use the lines above edit and save it with a text editor, like vi (in Terminal) or a GUI text editor TextEdit or BBedit. When using a GUI editor be sure to set Text Only

hexdump -C ~/Desktop/sshd.txt 
00000000  30 78 30 41 20 30 78 35  43 20 30 78 33 41 20 30  |0x0A 0x5C 0x3A 0|
00000010  78 32 43 20 64 73 52 65  63 54 79 70 65 53 74 61  |x2C dsRecTypeSta|
00000020  6e 64 61 72 64 3a 55 73  65 72 73 20 38 20 64 73  |ndard:Users 8 ds|
00000030  41 74 74 72 54 79 70 65  53 74 61 6e 64 61 72 64  |AttrTypeStandard|
00000040  3a 4e 46 53 48 6f 6d 65  44 69 72 65 63 74 6f 72  |:NFSHomeDirector|
00000050  79 20 64 73 41 74 74 72  54 79 70 65 53 74 61 6e  |y dsAttrTypeStan|
00000060  64 61 72 64 3a 47 65 6e  65 72 61 74 65 64 55 49  |dard:GeneratedUI|
00000070  44 20 64 73 41 74 74 72  54 79 70 65 53 74 61 6e  |D dsAttrTypeStan|
00000080  64 61 72 64 3a 52 65 63  6f 72 64 4e 61 6d 65 20  |dard:RecordName |
00000090  64 73 41 74 74 72 54 79  70 65 53 74 61 6e 64 61  |dsAttrTypeStanda|
000000a0  72 64 3a 52 65 61 6c 4e  61 6d 65 20 64 73 41 74  |rd:RealName dsAt|
000000b0  74 72 54 79 70 65 53 74  61 6e 64 61 72 64 3a 50  |trTypeStandard:P|
000000c0  72 69 6d 61 72 79 47 72  6f 75 70 49 44 20 64 73  |rimaryGroupID ds|
000000d0  41 74 74 72 54 79 70 65  53 74 61 6e 64 61 72 64  |AttrTypeStandard|
000000e0  3a 55 6e 69 71 75 65 49  44 20 64 73 41 74 74 72  |:UniqueID dsAttr|
000000f0  54 79 70 65 53 74 61 6e  64 61 72 64 3a 50 61 73  |TypeStandard:Pas|
00000100  73 77 6f 72 64 20 64 73  41 74 74 72 54 79 70 65  |sword dsAttrType|
00000110  53 74 61 6e 64 61 72 64  3a 55 73 65 72 53 68 65  |Standard:UserShe|
00000120  6c 6c 0a 2f 76 61 72 2f  65 6d 70 74 79 3a 46 46  |ll./var/empty:FF|
00000130  46 46 45 45 45 45 2d 44  44 44 44 2d 43 43 43 43  |FFEEEE-DDDD-CCCC|
00000140  2d 42 42 42 42 2d 41 41  41 41 30 30 30 30 30 30  |-BBBB-AAAA000000|
00000150  34 42 3a 5f 73 73 68 64  2c 73 73 68 64 3a 73 73  |4B:_sshd,sshd:ss|
00000160  68 64 20 50 72 69 76 69  6c 65 67 65 20 73 65 70  |hd Privilege sep|
00000170  61 72 61 74 69 6f 6e 3a  37 35 3a 37 35 3a 2a 3a  |aration:75:75:*:|
00000180  2f 75 73 72 2f 62 69 6e  2f 66 61 6c 73 65 0a     |/usr/bin/false.|