Enable remote login remotely?

Contributor II

This is likely a stupid question, but prior to our JSS implementation, macs have been given out (about 300) with remote login (ssh) turned off. Is there anyway to remotely turn this on without enduser interaction?


Contributor II

Valued Contributor II

Computer Management/Check-In/Start up script.

Sorry didn't read the full question : )


Valued Contributor

@rpayne search the jamfnation for first boot scripts. There should be snippet that does this. If no one replies, I will paste mine in the morning


Valued Contributor

@rpayne Below is the snippet I use. I am not the original author

# Set Remote Management for the adminuser
# adminUser = Admin User Name for Remote Access
# Define Remote Management Settings
privs="-DeleteFiles -ControlObserve -TextMessages -OpenQuitApps -GenerateReports -RestartShutDown -SendFiles -ChangeSettings"
# Apply Remote Management
/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -activate -configure -allowAccessFor -specifiedUsers
/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -activate -configure -access -on -users $adminUser -privs -all -restart

so if you seperated the commands with a semi-colon(";"), you would have a one-liner that you could deploy via Casper Remote or ARD


Contributor II

@LSinNY The main issue is that I am unable to enroll this machines with Recon. We've narrowed it down to SSH not being turned on. Network scans generate the following error:

SSH failed to create session with host 'ip address' (Failure establishing socket connection)

So to be clear, there are not managed machines (yet).

New Contributor II

You will need some service already turned on, on the computers. Is Screen Sharing or Remote Management enabled? Is file sharing?
If nothing is enabled, then you won't be able to connect remotely to turn on Remote Login.

Legendary Contributor III

+1 to @ehemmete's comment. You will need at least some service enabled that will let you get into the Macs. If everything (SSH, ARD, ScreenSharing, FileSharing, etc) is off, you are out of luck unfortunately. Its just not going to be possible to enable anything remotely in that instance. Hopefully at least one service is on and configured on the Macs with something known by you.

If all else fails, there is user self enrollment in the JSS, if you can convince people to do it and they have rights to install a .pkg on their Macs.