Monthly Archives: November 2017

SSH to Mac

I’ve taken a bold step: I’ve enabled SSH back to my home computer.

Enable SSH in macOS Server -> Settings

For OPSEC, I’ve disabled all authentication methods except Public Key, with the hope that I can have a secure, reliable SFTP connection to my home machine from anywhere.

To make this change:

  1. I added my public key to ~/.ssh/authorized_keys
    • You can run this command: ssh-copy-id -i ~/
    • …or just copy ~/.ssh/ into ~/.ssh/authorized_keys/
  2. I enabled Remote Login in System Preferences
  3. To disable password-based authentication, I edited /etc/ssh/sshd_config with these changes:
    • ChallengeResponseAuthentication no
    • PasswordAuthentication no
    • UsePAM no¹

That tutorial also recommends setting KbdInteractiveAuthentication no, but according to

Specified whether keyboard-interactive authentication is allowed. By default, the value of ChallengeResponseAuthentication is used.

Since it takes the value of ChallengeResponseAuthentication by default, I haven’t specified a value for KbdInteractiveAuthentication.

After making these changes, it’s important to restart ssh:

sudo launchctl stop com.openssh.sshd
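
To confirm that the edits from step 3 are what sshd will actually read, the following added example (not from the original post or the tutorial it follows) audits config text for those three directives. The function name and the sample configs are constructed for illustration; it assumes sshd's rule that the first value read for a keyword wins, and it checks only the global section before any Match block.

```shell
#!/bin/sh
# Added example (not from the original post). Reads sshd_config text on stdin,
# prints one finding per directive, and returns 0 only if every password-style
# login method is explicitly disabled in the global section.
audit_sshd_config() {
    awk '
    /^[ \t]*#/ { next }                          # skip comment lines
    /^[ \t]*$/ { next }                          # skip blank lines
    {
        sub(/^[ \t]+/, "")
        split($0, f, /[ \t=]+/)                  # "Keyword value" or "Keyword=value"
        key = tolower(f[1]); val = tolower(f[2]) # keywords are case-insensitive
        if (key == "match") exit                 # audit the global section only
        if (!(key in seen)) seen[key] = val      # sshd keeps the first value it reads
    }
    END {
        bad = 0
        n = split("passwordauthentication challengeresponseauthentication usepam", req, " ")
        for (i = 1; i <= n; i++) {
            k = req[i]
            if (!(k in seen))         { print "FAIL " k " is not set"; bad = 1 }
            else if (seen[k] != "no") { print "FAIL " k " " seen[k];   bad = 1 }
            else                        print "ok   " k " no"
        }
        # Left unset, this follows ChallengeResponseAuthentication (per the man
        # page text quoted in the post); an explicit non-"no" value overrides it.
        k = "kbdinteractiveauthentication"
        if ((k in seen) && seen[k] != "no") { print "FAIL " k " " seen[k]; bad = 1 }
        exit bad
    }'
}

# Constructed samples. In the second, a stray early "yes" wins over the later "no".
SAMPLE_HARDENED='ChallengeResponseAuthentication no
PasswordAuthentication no
UsePAM no'
SAMPLE_SHADOWED='PasswordAuthentication yes
ChallengeResponseAuthentication no
passwordauthentication no
UsePAM no'

printf '%s\n' "$SAMPLE_SHADOWED" | audit_sshd_config || echo "not hardened"
```

On the Mac itself, feed it the edited file: audit_sshd_config < /etc/ssh/sshd_config. A commented-out directive counts as not set, so a leftover "#PasswordAuthentication no" is reported as a failure.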

If it looks like I’ve done something foolish, please let me know!

  1. This isn’t called out in that tutorial, but disabling PAM seems like the most prudent thing here.