
limitSSHScope.sh script - Is it possible to modify script to limit SSH access to one group?

  • May 24, 2011
  • 2 replies


In the Casper 8.1 resource kit, I noticed that there was a script in Resource Kit - February 2011/All Tools/Security Scripts called "limitSSHScope.sh". This particular script is scoped to allow one user through. Has anyone modified the script so that it's allowing one group through, instead of one user?

If you have, or have another similar script that you're using, would you please share what you did?

Thanks,
Rich

---
Rich Trouton
troutonr at janelia.hhmi.org

JFRC Help Desk
phone: x4030
email: helpdesk at janelia.hhmi.org

The best way to get in touch with me is through email.

2 replies

  • May 24, 2011

You can nest a group.

That script looks like it creates the group, even if it doesn't exist.

You can use dseditgroup to add an existing group to the local com.apple.access_ssh SACL group.

Add the local admin group to it:

/usr/sbin/dseditgroup -o edit -a admin -t group -n /Local/Default com.apple.access_ssh
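
The nesting approach from the reply above, wrapped in a script, as an added example that is not part of the original thread or the Casper resource kit script. The function names, the exit codes and the DSEDITGROUP override (for dry runs) are assumptions of this example; it checks that the group exists before touching the SACL group and creates com.apple.access_ssh only when it is missing.

```sh
#!/bin/sh
# Added example (not the resource kit script): limit SSH access to one group by
# nesting it in the local com.apple.access_ssh SACL group. Run as root.
# DSEDITGROUP can be overridden to point at a stub for a dry run (assumption).
DSEDITGROUP="${DSEDITGROUP:-/usr/sbin/dseditgroup}"
SACL_GROUP="com.apple.access_ssh"
NODE="/Local/Default"

# Return 0 if the named group can be read from the directory.
group_exists() {
    "$DSEDITGROUP" -o read "$1" >/dev/null 2>&1
}

# Create the local SACL group only when it is missing.
ensure_sacl_group() {
    "$DSEDITGROUP" -o read -n "$NODE" "$SACL_GROUP" >/dev/null 2>&1 && return 0
    "$DSEDITGROUP" -o create -n "$NODE" "$SACL_GROUP"
}

# limit_ssh_to_group GROUP: nest GROUP inside the SACL group.
# Returns 0 ok, 2 usage error, 3 group not found, 4 directory edit failed.
limit_ssh_to_group() {
    [ -n "${1:-}" ] || { echo "usage: limit_ssh_to_group GROUP" >&2; return 2; }
    group_exists "$1" || { echo "group '$1' not found; nothing changed" >&2; return 3; }
    ensure_sacl_group || return 4
    "$DSEDITGROUP" -o edit -a "$1" -t group -n "$NODE" "$SACL_GROUP" || return 4
    echo "nested '$1' in $SACL_GROUP"
}

# Only act when a group name is passed on the command line.
if [ "$#" -gt 0 ]; then
    limit_ssh_to_group "$1"
fi
```

The `-a` operation only adds, so any account already placed directly in com.apple.access_ssh remains a member until it is removed.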


  • Author
  • May 24, 2011

Thanks, Nate. I was thinking about using dseditgroup for this, so I'll make some edits to the script to use that command like you've laid out below, instead of the dscl commands included with the script.

Rich