apple_ssh_and_filevault(7) | Miscellaneous Information Manual | apple_ssh_and_filevault(7)
apple_ssh_and_filevault — SSH and FileVault
When FileVault is enabled, the data volume is locked and unavailable during and after booting, until an account has been authenticated using a password. The macOS version of OpenSSH stores all of its configuration files, both system-wide and per-account, in the data volume. Therefore, the usually configured authentication methods and shell access are not available during this time.

However, when Remote Login is enabled, it is still possible to perform password authentication using SSH in this situation, and this can be used to unlock the data volume remotely over the network. Unlocking does not immediately permit an SSH session. Instead, once the data volume has been unlocked using this method, macOS will disconnect SSH briefly while it completes mounting the data volume and starting the remaining services dependent on it. Thereafter, SSH (and other enabled services) are fully available.
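The sequence described above (password unlock, brief disconnect, then normal access), written out in POSIX shell as an added example that is not part of Apple's manual page. It assumes key-based login is already configured for the account; the function names, `SSH_BIN`, `RETRIES`, `DELAY` and the host argument are this example's own.

```shell
#!/bin/sh
# Added example, not from the manual page. SSH_BIN, RETRIES and DELAY are
# knobs invented for this script; the ssh(1) options are standard OpenSSH.
# Usage (hypothetical host): unlock_and_connect admin@mac.example
SSH_BIN=${SSH_BIN:-ssh}
RETRIES=${RETRIES:-30}   # polls before giving up
DELAY=${DELAY:-5}        # seconds between polls

# Succeeds only when a non-interactive (key-based) login works. While the
# data volume is locked, per-account SSH configuration is unavailable, so
# this fails; BatchMode=yes makes it fail instead of prompting.
probe() {
    "$SSH_BIN" -o BatchMode=yes -o ConnectTimeout=5 "$1" true 2>/dev/null
}

# Password login that unlocks the volume. Public keys are not offered, so
# agent keys do not use up authentication attempts before the prompt.
# Both password-style methods are listed because the page does not say
# which one is offered (assumption). Host key checking stays at its
# default. A non-zero exit is expected: macOS drops the connection.
unlock_volume() {
    "$SSH_BIN" -o PubkeyAuthentication=no \
        -o PreferredAuthentications=keyboard-interactive,password \
        "$1" true || true
}

# Poll until SSH is fully available again after the brief disconnect.
wait_for_ssh() {
    n=0
    while [ "$n" -lt "$RETRIES" ]; do
        probe "$1" && return 0
        n=$((n + 1))
        sleep "$DELAY"
    done
    return 1
}

unlock_and_connect() {
    host=$1
    if ! probe "$host"; then
        unlock_volume "$host"
        if ! wait_for_ssh "$host"; then
            echo "SSH did not come back on $host" >&2
            return 1
        fi
    fi
    "$SSH_BIN" "$host"   # normal session, usual authentication
}
```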
The capability to unlock the data volume over SSH appeared in macOS 26 Tahoe.
1 July, 2025 | Darwin