Skip to main content

Would someone be willing to look at my ARD line from my FB script? For some reason the primary admin account doesn't have SSH access.



It's created with the createadmin tool 1.24, I can login to the user and everything else, the results from kickstart say that the user was added, but I still can't SSH in unless I go into sharing and enable all users.



/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -activate -configure -access -on -clientopts -setvnclegacy -vnclegacy yes -clientopts -setvncpw -vncpw <password> -users admin1,admin2 -privs -all -allowAccessFor -specifiedUsers -restart -agent -menu


Starting...
Activated Remote Management.
admin1: Set user remote access.
admin2: Set user remote access.
Set the client options.
Setting allow all users to NO.
Setting all users privileges to 1073742079.
Done.

In the past I have broken down this from one line into maybe three or four different iterations. I've not tried for instance to use multiple -clientopts in the command. Now this has nothing to do at all with ssh access. You have to validate your admin user is part of the administration group... and also make sure that ssh is enabled and allowed for admins only.

I didn't think ARD kickstart could do anything with SSH?



I normally enable ssh with: 



systemsetup -setremotelogin on


and control access with the com.apple.access_ssh group.

i tried adding the user manually via



dseditgroup -o edit -n /Local/Default -u admin1 -p <password> -a admin1 -t user com.apple.access_ssh


but it pauses on waiting for the users password and doesn't allow the script to finish.

It might be easier with dseditgroup:



/usr/sbin/dseditgroup -o edit -a admin1 -t user com.apple.access_ssh


If you do it as root it shouldn't ask for a password.

Perfect! thank you @davidacland

Terms & ConditionsCookie settings