Help

Creating Hidden SSH Accounts Using the jamf binary

pty10
New Contributor III

Posted on ‎11-25-2014 11:48 PM

  1. Using the steps on this thread

https://jamfnation.jamfsoftware.com/article.html?id=147

for OS X v10.7.5

When I run the command on the MacBook:
defaults write /Library/Preferences/com.apple.loginwindow Hide500Users -bool YES

seems to work. However when I run the following command: (changing the username and password and using my own of course)

/usr/sbin/jamf createAccount -username <netadmin> -realname <"Network Administrator"> -password p@55w0rd -home </var/netadmin> -hiddenUser -admin -secureSSH

I get error:

-bash: netadmin: No such file or directory

Wondering what I'm missing or doing wrong? Im running the command from my Macbook. I also tried 'sudo' at the beginning of the command with no luck. I also tried to add the netadmin folder to /var/ but no luck either.

2.Once I get the hidden account to work, Will I then have to create a new image and deploy it so all computers can have the hidden account or can I get Casper to do this automatically using a script?

Thanks,

Enrique

0 Kudos
6 REPLIES 6

davidacland
Honored Contributor II
Honored Contributor II

Posted on ‎11-26-2014 11:05 AM

Just tried it on my 10.10.1 Mac with this format and it worked ok:

sudo /usr/sbin/jamf createAccount -username netadmin -realname "Network Administrator" -password "p@55w0rd" -home "/var/netadmin" -hiddenUser -admin -secureSSH

Are you including the "<" & ">"?

0 Kudos

davidacland
Honored Contributor II
Honored Contributor II

Posted on ‎11-26-2014 11:15 AM

...and with 10.10, deleting the user is as easy as:

sudo sysadminctl -deleteUser netadmin

Handy new command!

0 Kudos

Simmo
Contributor II
Contributor II

Posted on ‎11-26-2014 08:07 PM

If you can't get that working, could always use dscl to create the account, or sysadminctl on 10.10

0 Kudos

Simmo
Contributor II
Contributor II

Posted on ‎11-26-2014 08:11 PM

As for deploying it, I expect you already have an admin account on there in which you know the password to?
You can certainly create a policy in Casper to push this new management account out to everyone, either via a payload free package or just a plain script.

0 Kudos

pty10
New Contributor III

Posted on ‎11-27-2014 05:34 AM

Hi David,

I was adding the <" & "> to the command which is why it wasn't working. All good now thanks.

0 Kudos

pty10
New Contributor III

Posted on ‎11-27-2014 05:44 AM

Hi Matt,

what I ended up doing at the end was using the createUserPkg to create the hidden account

http://magervalp.github.io/CreateUserPkg/

After I created the package, I then created a policy to deploy the package to the computers and that worked.

I do know the username and password for the hidden account. My question is, how do I change the password on the hidden account if I need to? What steps do I follow?

Thanks,

Enrique

0 Kudos