Mac Remote Access
Sunday, October 15th, 2023
This blog serves two purposes:
- Sharing information that I hope is useful to others
- Aide-Memoire for yours truly
This post falls into the second group, something I’ve done in the past but forgotten.
Background
The current project requires the test environments to be expanded. Several of the environments are running on Raspberry Pi SBC which is feasible now that they are available in volume once again. There is one exception, a Mac Mini with a M1 processor. This environment allows the usual tests to be run in the same manner as the Raspberry Pi boards. It also gives the ability to build the code and attach a debugger to the board invaluable for tests that are known to be failing and need to run for an extended period of time.
This sort of setup is ideal for running headless, no monitor, keyboard or mouse; we can just use MacOS screen sharing and ssh.
What is Wrong?
Enter a new (well secondhand) Mac Mini. Setup went well, attached a keyboard and mouse and ran through the setup process with no issues. Logged on to the Mac and all is well. A few configuration tweaks to enable screen sharing and remote login were required, nothing too complex, just a case of setting the right permissions.
Next step, test the remote connection. Screen sharing started OK and the Mac appeared on the network with file sharing enabled. Time for a reboot.
System rebooted OK, time to browse the network.
The new machine was not showing in the network browser and ssh was able to establish the connection.
Back to the still connected keyboard and mouse to log on. Once logged in the system once again appeared in the network browser and screen sharing and ssh worked flawlessly.
Time for another reboot and the same thing happened, machine booted OK but nothing appeared on the network until a successful login through the attached keyboard and mouse.
The Solution
This is where it gets odd. Apparently, you have to turn FileVault off. That’s right you have to turn the disc encryption off in order to enable fully remote logon.
FileVault is turned on automatically during the MacOS installation processes which makes sense. Disc encryption will make it harder for a malicious actor to recover sensitive information from a machine, so disc encryption on modern machines is good. The side effect of this is that you must logon to the Mac via an attached keyboard before it will turn up on the network.
Conclusion
I have a solution of sorts but I do find it odd that disc encryption must be disabled before remote services can be enabled on the Mac. After all, if you require remote access to a system then you are likely to be putting the physical machine in a location where access is going to be difficult.
