What is ‘sshd-keygen-wrapper’ on Mac?

Do you feel threatened by the pop-ups in your MAC related to “sshd-keygen-wrapper”? We understand your fear. At first glance, it looks like a virus attack. But before we make any judgment, let’s find out what is ‘sshd-keygen-wrapper’ on Mac.

“sshd-keygen-wrapper” is not a random malware. It’s just a tool used by macOS to generate a public key or password for remote access. It’s only available on your computer if you have enabled remote log-in using the SSH server earlier.

The reason behind your fear is unfamiliarity with the term. Once you know how it works, you should be fine. So, here we go with our brief and straight-to-the-point explanation of this tool and whether you should use it. So, stay tuned.

What is ‘sshd-keygen-wrapper’ on Mac?

You need the “sshd-keygen-wrapper” tool to use the SSH server. It connects you to another computer using a special password or key. This specific tool is responsible for generating different combinations of keys. As a result, only the real user can access the data.

But you might never know this tool exists. Depending on how you use your computer, the sshd-keygen-wrapper might be present or absent in the menu. For example, there can be one of three cases.

Case 1: You have never used the remote log-in service from your MAC. That means the  keygen-wrapper option would be absent from the menu. And you will never receive a pop-up message like the one you see in the picture below.

Source: https://youtu.be/ucsaYwQaBwg

Case 2: You have used the remote log-in access before. In that case, the “keygen-wrapper” option will be available in the menu. But, the box will be unchecked, meaning; currently, the sharing feature is disabled. It’s good because outsiders can’t get data from your computer.

Case 3: You enabled the remote SSH access before, and it’s still active. In that scenario, the above mentioned tool will have a checked box beside it. That indicates a great threat. And it also explains why you might be getting all these pop-up notifications and warnings.

How To Check If You Have Enabled “sshd-keygen-wrapper” On MAC?

Now that you know what “sshd-keygen-wrapper” means, it’s time to check whether you have enabled it. For that, follow the steps below.

  • Go to Apple menu > system preference > choose security and privacy.
  • Next, click on “privacy.”
  • You can see a long list on the left side. Scroll the list and look for “full disk access.”
  • Under the disk category, you can see several tools with a checked or unchecked box beside them.
  • The host key-generating tool is activated if you see a box beside the “sshd-keygen-wrapper”.

Source: https://macreports.com/what-is-sshd-keygen-wrapper-on-mac/

To disable the “keygen-wrapper,” just uncheck the box. Remember that you might need to provide your password and user id before making changes.

Is It Safe For Your MAC To Have SSH Server Access?

SSH is the short form for a secure shell. The main purpose of an SSH server is to safely connect two computers over an insecure connection system like the Internet. It’s an integrated part of the MAC operating system. So, you don’t have to worry whether it’s malware or not.

The main users of this feature are remote workers who need to access their office computers from home. SSH server allows the two remote computers to connect using a password or public key. If you can successfully write the host key generated for you, the SSH server will encrypt the data transmission between the two computers. That prevents other computers on the network from accessing your computer’s data or important files.

Now, that doesn’t mean the SSH server access is always good. It can go terribly wrong if you are not careful enough. If SSH access is enabled for a long time, illegal hackers can easily generate a key to log into your computer and see your data.


At this point, you know how to activate or disable the “sshd-keygen-wrapper”. But before we end this brief discussion, here is a short FAQ section for you. Hope it will clear all your queries.

How Do I Check If My MAC Has Remote Log-in Enabled?

It’s pretty to check. First, open the command prompt and type “sudo launchctl list com.openssh.sshd.” Now, press enter. If you get an error, that’s good. It means the remote access is not active at the moment. However, if the code generates a script ending with “sshd-keygen-wrapper,” your MAC has active remote access. 

Is Remote Log-in Harmful For Your Computer?

Yes, you should never enable access unless you are in an emergency. Some illegal hackers might ask you to enable the “sharing” feature to fix certain issues in your computer. And, before you know it, they have access to all your private data. So, you have to be aware of these kinds of scams.

What Is Full Disk Access On MAC?

You can find the “full disk access” on the menu list under privacy. This tool makes sure that all the applications are running by the user’s permission. It will protect sensitive data on the computer from being transported without your knowledge. In the prior versions of the macOS, the applications didn’t need user permission.


As you can see, the “sshd-keygen-wrapper” is an essential part of your macOS. But most MAC users never come across this tool. Because it is hidden in the privacy pan under “system preference.” 

Plus, you won’t see this in the menu if you never had to access your computer from a distant place.

That might be the main cause why people assume it’s random malware trying to access their data. But apart from all this, having the “sharing” feature turned on can have grave consequences.

So, we highly advise you to disable the remote log-in once your job is done.

Scroll to Top