On your Mac, you may notice a strangely named tool called “sshd-keygen-wrapper” while using the Privacy pane of Security & Privacy preferences to change your Privacy settings. You may run into the name of this tool elsewhere too. For example, you may also see a popup message saying, “‘sshd-keygen-wrapper’ would like to receive keystrokes from any application.” You can see it in the screenshot below.
You may wonder what this is. Should you delete or disable it? You may even wonder if your Mac is hacked or has malware. In this article, I will provide information to help answer these questions.
You can access the “sshd-keygen-wrapper” setting by going to System Preferences > Security & Privacy > Privacy. When you open this screen, you will see various Privacy options. In the list on the left side of the window, you can find Full Disk Access. If you select this option, you can disable or enable your apps, including “sshd-keygen-wrapper,” to access all files on your Mac, as you can see in the screenshot above. By default, this setting is disabled; its box is unticked.
Who put sshd-keygen-wrapper in Full Disk Access?
This may be the first question you may have. You may wonder who put it in there; is someone trying to access the Mac because your computer has been hacked? The answer is no, sshd-keygen-wrapper is part of macOS, and it is perfectly normal that you see this. It is an ssh secure shell key generator and is there for privacy protection. It lets you enable or disable remote access. It is used when you are connecting to a Mac remotely via secure shell protocol, ssh.
What is sshd-keygen-wrapper?
On your Mac, you may or may not see this. If you go to System Preferences > Sharing and turn on Remote Login, this option will appear in Full Disk Access of your Privacy settings. There are these three scenarios:
- If you have never turned on Remote Login, you won’t see sshd-keygen-wrapper.
- If you have ever turned on Remote Login, you will see it. But it is disabled, and thus, access and permission are disabled. You can remove it if you want; see the section below.
- If sshd-keygen-wrapper is ticked, access and permission are enabled.
Should it be given Full Disk Access?
The next question you may have is whether to grant sshd-keygen-wrapper full disk access. If you are accessing your Mac remotely from another Mac using ssh, you may want to tick this option. If you grant it Full Disk Access, macOS will, by default, give ssh Full Disk Access. This means that anyone who accesses your Mac using ssh can see and access all of your data, including Mail, Messages, and your files, on your Mac. Whether you should enable this option depends on your unique circumstances.
How to remove sshd-keygen-wrapper
You can remove this tool from the list of apps in the Privacy preferences. However, if you turn on Remote Login again, this will appear again. Here is how to remove it:
- Go to Apple menu > System Preferences, and click on Security & Privacy, then click on Privacy.
- Select Full Disk Access.
- This section is probably locked. Click the Lock icon to unlock it. Enter your Mac user password.
- Click to select sshd-keygen-wrapper.
- Click the (-) Remove button, as shown below.