With an ssh connection to a Mac, asking to list or view the contents of items which are not protected by TCC takes place through opendirectoryd and supporting services, and doesn’t involve TCC at all.
#HOW TO SSH FROM MAC MOJAVE FULL#
Note that removing the sshd-keygen-wrapper item from the list sets it back to the first state, effectively enabling Full Disk Access: it does not prevent access to protected data at all. The only control that the user has is enabling and disabling the sshd-keygen-wrapper in the Full Disk Access list, which has the effect of toggling access to protected data for that user. It is only when Privacy settings are in the last state that access to protected data will be refused. When you try to access that Mac using ssh, if it is in either of the first two states, macOS will automatically give ssh Full Disk Access.
#HOW TO SSH FROM MAC MOJAVE UPDATE#
Despite several sessions looking carefully at this, even studying the logs of both client and server during ssh connections, I was completely wrong.įor the avoidance of any doubt, Mojave 10.14.1 update hasn’t changed the behaviour of ssh with respect to privacy protection: if you enable Remote Login to your Mac in its Sharing pane, then anyone who gains access as a user using ssh can see all that user’s private data. I’m still not quite sure what happened, but I had mistakenly concluded that Apple had changed the behaviour of the secure shell, ssh, with respect to privacy protection. I apologise again for the interruption to my regular weekly article Last Week on My Mac, which appeared then disappeared yesterday.
0 kommentar(er)
