How to Enable SSH on a Mac from the Command Line
All modern Macs running macOS or Mac OS X come with SSH pre-installed by default, but the SSH (Secure Shell) daemon is also disabled by default. Advanced Mac users may appreciate knowing the ability to enable SSH and disable SSH are both available entirely from the command line of Mac OS, allowing for a simple way to allow or disallow remote connections into a computer. There’s no kext loading, downloads, or compiling necessary, to turn on SSH from the Terminal on any Mac you simply have to execute a system setup command, as we’ll show in this tutorial.
A quick side note; this guide applies to all versions of macOS and Mac OS X, but is really aimed at more advanced users who spend a lot of time in the Terminal. If you want to toggle SSH off and on and avoid the command line, you can do so by enabling Remote Login in the Sharing preference panel on a Mac, or stop the server by leaving it unchecked. If you do not regularly use ssh, there is no reason to enable the ssh server on a Mac.
How to Check if SSH Remote Login is Enabled in Mac OS via Terminal
Want to check the current status of SSH on a Mac? Using the systemsetup command string we can quickly determine if SSH and Remote Login is currently enabled on any Mac:
sudo systemsetup -getremotelogin
If remote login and SSH is currently enabled, the command and report will say “Remote Login: On” whereas if SSH is disabled and in the default macOS state, it will say “Remote Login: Off”.
Enable SSH on Mac from the Command Line with systemsetup
To quickly turn on SSH server and allow incoming ssh connections to the current Mac, use the -setremotelogin flag with systemsetup like so:
sudo systemsetup -setremotelogin on
sudo is necessary because the systemsetup command requires administrator privileges, just like when you enable Remote Login from the Sharing preferences on a Mac to enable the secure shell servers.
There is no confirmation or message that Remote Login and SSH has been enabled, but you can use the aforementioned -getmorelogin flag to check and verify that SSH server is indeed now running. And yes, using -setremotelogin applies to enabling both ssh and sftp servers on the Mac.
Once ssh has been enabled, any user account or person who has a login on the current Mac can access it remotely using the ssh command aimed at the Macs IP address like so:
Once connected, the user will have remote access to the computer via the command line, and if they have an admin account or admin password, they would have full remote administration access as well.
Turn Off SSH on Mac OS with systemsetup
If you want to disable SSH servers from the command line and thereby prevent remote connections, simply switch ‘on’ to ‘off’ with the -setremotelogin flag of systemsetup like so:
sudo systemsetup -setremotelogin off
Again, sudo is necessary to toggle SSH off and disable the ssh and sftp servers.
When you successfully execute the command, you will be asked: “Do you really want to turn remote login off? If you do, you will lose this connection and can only turn it back on locally at the server (yes/no)?” so type “yes” to confirm, which will disable SSH and also disconnect any active SSH connections to the Mac in question. If you want to avoid having to type yes/no, perhaps for inclusion in a setup script or otherwise, you can use the -f flag to circumvent the question like so:
sudo systemsetup -f -setremotelogin off
Similarly, you can also use -f to skip any prompts in regards to enabling SSH as well.
systemsetup -f -setremotelogin on
Do note that whether you turn SSH off or enable SSH from the command line, the Remote Login system preference panel setting in Mac OS X GUI will be adjusted to reflect the change accordingly as well.
I found out when someone is connected to mac using SSH and you try to turn off SSH it will do so but will not kick the other person out of SSH session. macos 10.13.5
a bug? but when the person closes session and tries to log back in ssh will not connect.
That is correct. To kick out the current user from the session, fist list all the sessions using:
sudo launchctl list | grep ssh
Next, use the following command for the particular session to stop it eg:
sudo launchctl stop com.openssh.sshd.9D773989-00BB-4DCE-8D0D-6F265C0CBFEC
I hope this will help.
Great tutorial, perfect for inclusion in a setup script.
By the way if you’re in a mixed network environment and need to ssh into the Mac from a Windows PC, I find PuTTY is a good lightweight free ssh client for Windows. http://www.chiark.greenend.org.uk/~sgtatham/putty/
For iPad, I find Prompt to be the best ssh client. https://panic.com/prompt/