On your Mac, you may notice a strangely named tool called "sshd-keygen-wrapper" while using the Privacy & Security settings to change your Privacy settings. You may run into the name of this tool elsewhere too. For example, you may also see a popup message saying, "’sshd-keygen-wrapper’ would like to receive keystrokes from any application."
You may wonder what this is. Should you delete or disable it? You may even wonder if your Mac is hacked or has malware. In this article, I will provide information to help answer these questions.
You can access the "sshd-keygen-wrapper" setting by going to Apple menu > System Settings > Privacy & Security. When you open this screen, you will see various Privacy options. In the list on the left side of the window, you can find Full Disk Access. If you select this option, you can disable or enable your apps, including "sshd-keygen-wrapper," to access all files on your Mac. By default, this setting is disabled; its toggle is off.
Who put sshd-keygen-wrapper in Full Disk Access?
This may be the first question you may have. You may wonder who put it in there; is someone trying to access the Mac because your computer has been hacked? The answer is no, sshd-keygen-wrapper is part of macOS, and it is perfectly normal that you see this. It is an ssh secure shell key generator and is there for privacy protection. It lets you enable or disable remote access. It is used when you are connecting to a Mac remotely via secure shell protocol, ssh.
What is sshd-keygen-wrapper?
On your Mac, you may or may not see this. If you go to Apple menu > System Settings > General > Sharing and turn on Remote Login, this option will appear in Full Disk Access of your Privacy & Security settings. There are these three scenarios:
- If you have never turned on Remote Login, you won’t see sshd-keygen-wrapper.
- If you have ever turned on Remote Login, you will see it. But it is disabled, and thus, access and permission are disabled. You can remove it if you want; see the section below.
- If sshd-keygen-wrapper is enabled, access and permission are enabled.
Should it be given Full Disk Access?
The next question you may have is whether to grant sshd-keygen-wrapper full disk access. If you are accessing your Mac remotely from another Mac using ssh, you may want to enable this option. If you grant it Full Disk Access, macOS will, by default, give ssh Full Disk Access. This means that anyone who accesses your Mac using ssh can see and access all of your data, including Mail, Messages, and your files, on your Mac. Whether you should enable this option depends on your unique circumstances.
How to remove sshd-keygen-wrapper
You can remove this tool from the list of apps in the Privacy & Security settings. However, if you turn on Remote Login again, this will appear again. Here is how to remove it:
- Go to Apple menu > System Settings, and click on Privacy & Security.
- Select Full Disk Access.
- Click to select sshd-keygen-wrapper.
- Click the (-) Remove button.
- When prompted, authenticate with your password or Touch ID to confirm the change.
Note for macOS 26.1 (Tahoe) users: If you’re running macOS 26.1, you may encounter a known bug where sshd-keygen-wrapper does not display properly in the Full Disk Access list. As a workaround, you can drag the binary from Finder (located at /usr/libexec/sshd-keygen-wrapper) directly into the Full Disk Access window to manage its permissions.
