Skip to main content
Question

Creating Hidden SSH Accounts Using the jamf binary

  • November 26, 2014
  • 6 replies
  • 0 views
P
Forum|alt.badge.img+6
  • pty10
  • Contributor
  • 53 replies
  1. Using the steps on this thread

https://jamfnation.jamfsoftware.com/article.html?id=147

for OS X v10.7.5

When I run the command on the MacBook:
defaults write /Library/Preferences/com.apple.loginwindow Hide500Users -bool YES

seems to work. However when I run the following command: (changing the username and password and using my own of course)

/usr/sbin/jamf createAccount -username <netadmin> -realname <"Network Administrator"> -password p@55w0rd -home </var/netadmin> -hiddenUser -admin -secureSSH

I get error:

-bash: netadmin: No such file or directory

Wondering what I'm missing or doing wrong? Im running the command from my Macbook. I also tried 'sudo' at the beginning of the command with no luck. I also tried to add the netadmin folder to /var/ but no luck either.

2.Once I get the hidden account to work, Will I then have to create a new image and deploy it so all computers can have the hidden account or can I get Casper to do this automatically using a script?

Thanks,

Enrique

    6 replies

    davidacland
    Forum|alt.badge.img+18
    • davidacland
    • Valued Contributor
    • 1811 replies
    • November 26, 2014

    Just tried it on my 10.10.1 Mac with this format and it worked ok:

    sudo /usr/sbin/jamf createAccount -username netadmin -realname "Network Administrator" -password "p@55w0rd" -home "/var/netadmin" -hiddenUser -admin -secureSSH

    Are you including the "<" & ">"?

    davidacland
    Forum|alt.badge.img+18
    • davidacland
    • Valued Contributor
    • 1811 replies
    • November 26, 2014

    ...and with 10.10, deleting the user is as easy as:

    sudo sysadminctl -deleteUser netadmin

    Handy new command!

    S
    Forum|alt.badge.img+12
    • Simmo
    • Contributor
    • 222 replies
    • November 27, 2014

    If you can't get that working, could always use dscl to create the account, or sysadminctl on 10.10

    S
    Forum|alt.badge.img+12
    • Simmo
    • Contributor
    • 222 replies
    • November 27, 2014

    As for deploying it, I expect you already have an admin account on there in which you know the password to?
    You can certainly create a policy in Casper to push this new management account out to everyone, either via a payload free package or just a plain script.

    P
    Forum|alt.badge.img+6
    • pty10
    • Author
    • Contributor
    • 53 replies
    • November 27, 2014

    Hi David,

    I was adding the <" & "> to the command which is why it wasn't working. All good now thanks.

    P
    Forum|alt.badge.img+6
    • pty10
    • Author
    • Contributor
    • 53 replies
    • November 27, 2014

    Hi Matt,

    what I ended up doing at the end was using the createUserPkg to create the hidden account

    http://magervalp.github.io/CreateUserPkg/

    After I created the package, I then created a policy to deploy the package to the computers and that worked.

    I do know the username and password for the hidden account. My question is, how do I change the password on the hidden account if I need to? What steps do I follow?

    Thanks,

    Enrique

    Reply


    Most helpful members this week

    Terms & ConditionsCookie settingsAccessibility statement

    Cookie policy

    We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

     
    Cookie settings