- Jamf Nation Community
- Products
- Jamf Pro
- enable port 22 on all Macs bound to domain?
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
enable port 22 on all Macs bound to domain?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 02-05-2016 08:08 AM
Is this possible via Casper or script?
Security has a tool that needs to access via Port 22 and are looking for ways to ensure this is enabled on all macs.
currently a lot of these are in an unmanaged state or they are using air watch currently, while we move closer to getting casper. but wanted to know if this is something that can be handled on a mass level?
thanks
6 REPLIES 6
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 02-05-2016 08:14 AM
Port 22 is SSH, which Apple (in the GUI) refers to as Remote Login.
You can easily do that in Casper by creating a policy for all computers, with the following in 'Files and Processes' Execute Command.
systemsetup -setremotelogin onNext they'll ask you to create an account on each machine :p
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 02-05-2016 08:18 AM
lmao. most likely [edit: actually they wanted one with read only permissions eyerolle]. this is a very disorganized set-up mac wise. so we're trying to clean it up.
since we don't have a casper instance running yet. is there a way to handle this through an alternate method (ARD? AirWatch?) they're asking for some script but the only way I knew of that casper can do it (but not entirely how until you enlightened me)....
thank you!
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 02-05-2016 08:41 AM
Any command like above can be run through ARD. I'd imagine you could also push it with AirWatch. AW can run scripts on Mac targets, although I don't like what I've seen as far as how scripts are handled with their product.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 02-05-2016 08:43 AM
@mm2270 okay gotcha, yeah I'm very wary on air watch, but if remote login is not already enabled can ARD or any other method without an agent running do this?
thats where maybe I'm a bit lacking..
thank you
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 02-05-2016 08:50 AM
ARD doesn't use RemoteLogin, it uses RemoteManagement, which is a separate management framework. Its built into OS X since its an Apple framework, so there's no separate agent to install on any clients. Though I can't say if your Macs actually have RemoteManagement enabled or not. But, if you're currently using ARD and you have any Macs imported into it, can see them and generally run commands on them, the above script line from @thoule should work. You do need to make sure to check the "Run as root" checkbox, or whatever its called because systemsetup requires being run as root. Its been years now since I've used ARD, so I can't recall the exact name of that checkbox.
If the Macs aren't in ARD or you can't manage them that way, then look at whatever's in AirWatch next. If they aren't in either product, then you may have to look at a user self enrollment process into Casper once that's in place. There's an option in the QuickAdd settings that installs at enrollment time to enable SSH.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 02-05-2016 08:58 AM
perfect, that makes sense, just needed some clarification and reassurance. apologies for confusing the two - should know better ;)
thanks for the info.
