Setting up a Mac mini from MacStadium for headless CI

I recently got an offer from MacStadium to use one of their dedicated Mac minis to perform CI and testing tasks for my Mac-based open source projects (for example, my Mac Dev Ansible Playbook, which I use to configure my own Macs).

Apple logo on glowy laptop background

So I thought I'd document a little bit in this blog post about how I configured the Mac mini for more secure remote administration, since Macs tend to be a little more 'open' out of the box than comparable Linux machines that I'm used to working with.

Securing SSH

First of all, I used ssh-copy-id to add my SSH key to the default administrator account on the Mac mini that was created for me:

Fix macOS Screen Sharing frequent pauses or freezes

Ever since upgrading my Macs to macOS Sierra, there have been one or two times when using Screen Sharing (as part of Back to My Mac) when the session would freeze up, or intermittently pause. It seemed that every 5 or 10 seconds, there would be 10 seconds where the shared screen would stay frozen.

I could enter keystrokes, but things like pasting or clicking was hit-or-miss. This made it extremely annoying to work on one of my headless Macs (without a monitor plugged in), because I could only do work in brief spurts!

I opened up the Console app (in Applications > Utilities) to see what was happening, and quickly found that the following three errors were logged any time the screen would freeze: