How do I induce the Mac graphical login from SSH? Is there a way to make the loginwindow
process start a user session by running a command when remotely logged in via SSH as an admin on Mac OS X?
When the machine is at the login window (no user is currently logged in), I want it to open up a user's session as if I had clicked on the username and entered a password.
Solutions that don't involve scripting the GUI are highly preferred, but this Apple KB page may be of interest for those who go that route.
Best Answer
Not knowing the password makes things complicated, but maybe the solution is: is it possible to temporarily blank out a user's password? (And afterwards reset it to whatever it was before.)
As a start:
First, get the login window to display. Just log out the current user, use fast user switching, or use SSH:
Or, to switch to a specific user right away, which will probably show the login window (this suddenly no longer works on my 10.5 Leopard):
What's shown now depends a bit on the System Preferences, but let's assume it's the users' icons and their names. To activate a name we'd have to type the first letters. Then, after Return, the password prompt shows. Alternatively one can select any name (like by pressing Arrow Down) and then press Option-Return to be prompted for both any username and its password. I don't know how one can tell which screen is shown, but let's save that for later...
So, to select the first (random) user name and press Option-Return, type a specific user name, hit Return, and type the password:
The above shows some error, which as far as I can tell does not limit the usage:
Alternatively, use the language specific script from "Script the Login window through Apple Remote Desktop" (maybe one day the comments at that site will show a better solution):
But the main problem is: this still needs the password. However: obviously no password is needed when a user has a blank password. In fact, for blank passwords just clicking a user's icon is all that's needed. So, if sending keystrokes using AppleScript is acceptable, then maybe "all" that's left to figure out:
Is it possible to temporarily blank out a user's password, to allow for starting (or resuming) the session without knowing that password...?
Can one make the AppleScript error-proof? Like:
stat -f%Su /dev/console
can help, as that yieldsroot
while the login window is displayed)(A note for testing: when using Screen Sharing it seems that setting the preference When controlling computers: Encrypt passwords and keystrokes only also retains the connection when the login window is shown, or after a user has successfully logged in. When using Encrypt all network data then my Mac needs to re-establish the Screen Sharing connection each time a login is shown or a user is switched.)