Question

limitSSHScope.sh script - Is it possible to modify script to limit SSH access to one group?



In the Casper 8.1 resource kit, I noticed that there was a script in Resource Kit - February 2011/All Tools/Security Scripts called "limitSSHScope.sh". This particular script is scoped to allow one user through. Has anyone modified the script so that it's allowing one group through, instead of one user?

If you have, or have another similar script that you're using, would you please share what you did?

Thanks,
Rich

---
Rich Trouton
troutonr at janelia.hhmi.org

JFRC Help Desk
phone: x4030
email: helpdesk at janelia.hhmi.org

The best way to get in touch with me is through email.

2 replies


You can nest a group.

That script looks like it creates the group, even if it doesn't exist.

You can use dseditgroup to add an existing group to the local com.apple.access_ssh SACL group.

Add the local admin group to it:

    /usr/sbin/dseditgroup -o edit -a admin -t group -n /Local/Default com.apple.access_ssh


  • Author
  • Employee
  • 920 replies
  • May 24, 2011

Thanks, Nate. I was thinking about using dseditgroup for this, so I'll make some edits to the script to use that command like you've laid out below, instead of the dscl commands included with the script.

Rich
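
One way to script the nesting approach described in the replies above, as an added example that is not part of the thread or of the resource kit's limitSSHScope.sh. The function names and the DSEDITGROUP and DRY_RUN variables are assumptions of this sketch; the dseditgroup invocation for nesting is the one given in the reply.

```shell
#!/bin/sh
# Added example: limit SSH to one group by nesting it in the local
# com.apple.access_ssh SACL group. Run as root on the managed Mac.
# DSEDITGROUP and DRY_RUN are hypothetical knobs of this sketch.
DSEDITGROUP="${DSEDITGROUP:-/usr/sbin/dseditgroup}"
SACL_GROUP="com.apple.access_ssh"
NODE="/Local/Default"

# Run a mutating command, or only print it when DRY_RUN=1.
run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        echo "$*"
    else
        "$@"
    fi
}

limit_ssh_to_group() {
    group="$1"
    # Refuse empty names and names that would be parsed as an option.
    case "$group" in
        ""|-*)
            echo "usage: limit_ssh_to_group <group>" >&2
            return 2
            ;;
    esac
    # The read is non-mutating, so it runs even in dry-run mode.
    # Create the SACL group only when it does not exist yet.
    if ! "$DSEDITGROUP" -o read -n "$NODE" "$SACL_GROUP" >/dev/null 2>&1; then
        run "$DSEDITGROUP" -o create -n "$NODE" "$SACL_GROUP" || return 1
    fi
    # Nest the group (-t group), as in the reply's command.
    run "$DSEDITGROUP" -o edit -a "$group" -t group \
        -n "$NODE" "$SACL_GROUP" || return 1
}

# Example: preview the changes without applying them.
#   DRY_RUN=1 limit_ssh_to_group admin
```

Previewing with DRY_RUN=1 before a policy push shows whether the SACL group would be created, which matters because access becomes limited to its members once it exists.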

