- Jamf Nation Community
- Products
- Jamf Pro
- Creating Hidden SSH Accounts Using the jamf binary
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Creating Hidden SSH Accounts Using the jamf binary
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 11-25-2014 11:48 PM
- Using the steps on this thread
https://jamfnation.jamfsoftware.com/article.html?id=147
for OS X v10.7.5
When I run the command on the MacBook:
defaults write /Library/Preferences/com.apple.loginwindow Hide500Users -bool YES
seems to work. However when I run the following command: (changing the username and password and using my own of course)
/usr/sbin/jamf createAccount -username <netadmin> -realname <"Network Administrator"> -password p@55w0rd -home </var/netadmin> -hiddenUser -admin -secureSSH
I get error:
-bash: netadmin: No such file or directory
Wondering what I'm missing or doing wrong? Im running the command from my Macbook. I also tried 'sudo' at the beginning of the command with no luck. I also tried to add the netadmin folder to /var/ but no luck either.
2.Once I get the hidden account to work, Will I then have to create a new image and deploy it so all computers can have the hidden account or can I get Casper to do this automatically using a script?
Thanks,
Enrique
6 REPLIES 6
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 11-26-2014 11:05 AM
Just tried it on my 10.10.1 Mac with this format and it worked ok:
sudo /usr/sbin/jamf createAccount -username netadmin -realname "Network Administrator" -password "p@55w0rd" -home "/var/netadmin" -hiddenUser -admin -secureSSHAre you including the "<" & ">"?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 11-26-2014 11:15 AM
...and with 10.10, deleting the user is as easy as:
sudo sysadminctl -deleteUser netadminHandy new command!
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 11-26-2014 08:07 PM
If you can't get that working, could always use dscl to create the account, or sysadminctl on 10.10
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 11-26-2014 08:11 PM
As for deploying it, I expect you already have an admin account on there in which you know the password to?
You can certainly create a policy in Casper to push this new management account out to everyone, either via a payload free package or just a plain script.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 11-27-2014 05:34 AM
Hi David,
I was adding the <" & "> to the command which is why it wasn't working. All good now thanks.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 11-27-2014 05:44 AM
Hi Matt,
what I ended up doing at the end was using the createUserPkg to create the hidden account
http://magervalp.github.io/CreateUserPkg/
After I created the package, I then created a policy to deploy the package to the computers and that worked.
I do know the username and password for the hidden account. My question is, how do I change the password on the hidden account if I need to? What steps do I follow?
Thanks,
Enrique
