I have a MacPro with FileVault enabled. After the machine reboots, I can no longer ssh into the machine until I physically go to the machine and log in at least once.
I would like to be able to configure it so that I no longer have to physically go to the machine to log in, but would be able to log in via ssh.
Is this possible?
Once the initial boot FileVault decryption password has been given to the device drivers, the disk is fully accessible to the operating system.
ssh has nothing to do with that.
But if after a reboot you have not entered the FileVault decryption password, then the macOS will not boot, and ssh be available.
You can use the following command to initiate a reboot and provide the FileVault decryption password as part of the reboot sequence so that you do not need to physically be in front of the Mac to enter the FileVault decryption password
sudo fdesetup authrestart
Once the initial boot FileVault decryption password has been given to the device drivers, the disk is fully accessible to the operating system.
ssh has nothing to do with that.
But if after a reboot you have not entered the FileVault decryption password, then the macOS will not boot, and ssh be available.
You can use the following command to initiate a reboot and provide the FileVault decryption password as part of the reboot sequence so that you do not need to physically be in front of the Mac to enter the FileVault decryption password
sudo fdesetup authrestart
The situation I am concerned with is an unexpected power loss and a reboot of the machine. So, the fdesetup command could not be involved.
Is it possible to allow a remote login via ssh or is it required that the first login be performed at the machine itself?
Understood.
bug report filed at https://bugreport.apple.com --rdar://44730960
I am guessing it will be marked as a duplicate. I cannot believe I am the only one who might want or need something like this.
An Uninterruptable Power Supply would deal with short duration power outages. The amount of capacity you buy will determine how long the UPS will keep your system running.
I have a UPS on a lot of my home equipment, including my backup server, my cordless phone base station, my broadband modem, my router, etc..., as well as a USP on my office iMac. While they do not keep things alive when there is a multiple hour long outage (or days in the case of ice storms taking out millions of area customers), it does handle the under an hour power interruptions.
You could set up your machine with two partitions. put the base macos an un-encrypted partition which boots up. Put all your user data on another encrypted partition. You could put on admin user on the system partition if you needed to do some emergency admin. You will have to assess the security implications of this configuration.
You can set things up so a user's home folder is on the encrypted disk.
R
No. At that point in time macOS is NOT booted. You are talking to a tiny boot loader with just enough smarts to ask for your FileVault encryption password.
Indeed.. A UPS does appear to be the best option for now.
Can I log in remotely to a machine with FileVault enabled after a reboot?
