5

I have a Mac Mini, M1, which I use remotely via SSH / VNC.

From time to time I need to issues a reboot to the machine.

After rebooting however, I am unable to establish an SSH connection as all I get are 'Connection Refused' packets.

It seems that machine does not actually finish the boot process until first login; only after entering my password on the local machine does it start accepting SSH connections.

How can I make the Mac actually finish booting without someone physically at the machine?

Improve this question
0

3 Answers 3

Reset to default
3

There has been an important change that supersedes the previous answers to this question.

In macOS 26 (Tahoe), but not earlier versions, if remote login (SSH) and FileVault are enabled, you can connect remotely while the Data volume is still locked and unlock it with a FileVault user's password:

"FileVault can now be unlocked over ssh after a restart if Remote Login is enabled and a network connection is available. More information is available on the apple_ssh_and_filevault manual page."

What's new for enterprise in macOS Tahoe 26 (support.apple.com)

The effect is the same as entering the password at the login screen after a system startup, except that you have to log in again after the Data volume unlocks.

Improve this answer
1
  • This does not start the loginwindow process or mount external drives in my limited testing, but it's very much improved since the pre-boot OS can now listen for ssh to unlock storage and then start the Remote Desktop access in a pre-log in state. Commented Oct 3 at 16:48
0

Depending on physical security requirements at the far end, you could set it to auto-login

enter image description here

Improve this answer
2
  • This is an option... as when I have the VNC session the remote desktop is active - but this would allow anyone to walk up to the machine, reboot it, and have access to the desktop without me being aware. I'd prefer the machine to just finish the boot process. Commented Aug 24, 2021 at 7:17
  • The problem @MattClark is the machine isn’t booted until the volume gets unlocked. You’re running pre boot software that doesn’t have ssh or OS accounts available. Commented May 10, 2024 at 18:15
0

On macOS 26, ssh now unlocks FileVault.

me@Mac ~ % ssh m1.local This system is locked. To unlock it, use a local account name and password. Once successfully unlocked, you will be able to connect normally. ([email protected]) Password: System successfully unlocked. You may now use SSH to authenticate normally.

At that point, you have to kill the initial ssh session and log in a second time once FileVault has unlocked the storage and the OS has started.

On older macOS, you are locked out by design for most Mac hardware.

The system boots to firmware and presents an unlock rather than self-unlocking and starting the OS unless you save a one-time token generated with your account password to unlock the storage and start the OS after the reboot.

fdesetup authrestart

Software update prompts for your password and does the same processing as the fdesetup command does above.

fdesetup – FileVault configuration tool

If FileVault is enabled on the current volume, it restarts the system, bypassing the initial unlock.

Improve this answer

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.