I normally avoid this forum because of the clumsiness of the interface and certainly never comment, but I'm making an exception because this has to be one of the more upsetting changes to macOS. No administrative command-line tool should ever require a GUI. While this specific user was doing this via JavaScript, I'm using ssh to Administer several dozen build servers and adding our company certificates to the keychain. If you have 'Full Disk Access' enabled for SSH and are an administrator sudo should be good enough. sudo security -i add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain /Users/admin/Documents/Company.cer SecTrustSettingsSetTrustSettings: The authorization was denied since no user interaction was possible. This should be escalated as a serious bug. The sales point of macOS is built on UNIX. Developers like macOS precisely because it has the power of the UNIX command-line and a first-class GUI. So when offered built-in SSH remote access you should not be required to connect via VNC, login, launch Terminal and execute the exact same command so that you can get a GUI prompt to log in.

You have to absolutely LOVE hidden command-line options. This generate-entitlement-der option doesn't even appear in any publicly available codesign source I've seen. UPDATE: I was annoyed about this until I found the option full-metal-jacket ... Pray, tell, what on earth does it do?