Skip to main content
Solved

[OT] ARD Kickstart not working

  • February 5, 2015
  • 5 replies
  • 33 views
ImAMacGuy
Forum|alt.badge.img+23

Would someone be willing to look at my ARD line from my FB script? For some reason the primary admin account doesn't have SSH access.

It's created with the createadmin tool 1.24, I can login to the user and everything else, the results from kickstart say that the user was added, but I still can't SSH in unless I go into sharing and enable all users.

/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -activate -configure -access -on -clientopts -setvnclegacy -vnclegacy yes -clientopts -setvncpw -vncpw <password> -users admin1,admin2 -privs -all -allowAccessFor -specifiedUsers -restart -agent -menu
Starting... Activated Remote Management. admin1: Set user remote access. admin2: Set user remote access. Set the client options. Setting allow all users to NO. Setting all users privileges to 1073742079. Done.

Best answer by davidacland

It might be easier with dseditgroup:

/usr/sbin/dseditgroup -o edit -a admin1 -t user com.apple.access_ssh

If you do it as root it shouldn't ask for a password.

    5 replies

    K
    Forum|alt.badge.img+12
    • Kedgar
    • Contributor
    • February 5, 2015

    In the past I have broken down this from one line into maybe three or four different iterations. I've not tried for instance to use multiple -clientopts in the command. Now this has nothing to do at all with ssh access. You have to validate your admin user is part of the administration group... and also make sure that ssh is enabled and allowed for admins only.

    davidacland
    Forum|alt.badge.img+18
    • davidacland
    • Valued Contributor
    • February 5, 2015

    I didn't think ARD kickstart could do anything with SSH?

    I normally enable ssh with: 

    systemsetup -setremotelogin on

    and control access with the com.apple.access_ssh group.

    ImAMacGuy
    Forum|alt.badge.img+23
    • ImAMacGuy
    • Author
    • Esteemed Contributor
    • February 6, 2015

    i tried adding the user manually via

    dseditgroup -o edit -n /Local/Default -u admin1 -p <password> -a admin1 -t user com.apple.access_ssh

    but it pauses on waiting for the users password and doesn't allow the script to finish.

    davidacland
    Forum|alt.badge.img+18
    • davidacland
    • Valued Contributor
    • Answer
    • February 6, 2015

    It might be easier with dseditgroup:

    /usr/sbin/dseditgroup -o edit -a admin1 -t user com.apple.access_ssh

    If you do it as root it shouldn't ask for a password.

    ImAMacGuy
    Forum|alt.badge.img+23
    • ImAMacGuy
    • Author
    • Esteemed Contributor
    • February 6, 2015

    Perfect! thank you @davidacland

    Terms & ConditionsCookie settingsAccessibility statement