[OT] ARD Kickstart not working

ImAMacGuy
Valued Contributor II

Would someone be willing to look at my ARD line from my FB script? For some reason the primary admin account doesn't have SSH access.

It's created with the createadmin tool 1.24, I can login to the user and everything else, the results from kickstart say that the user was added, but I still can't SSH in unless I go into sharing and enable all users.

/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -activate -configure -access -on -clientopts -setvnclegacy -vnclegacy yes -clientopts -setvncpw -vncpw <password> -users admin1,admin2 -privs -all -allowAccessFor -specifiedUsers -restart -agent -menu
Starting... Activated Remote Management. admin1: Set user remote access. admin2: Set user remote access. Set the client options. Setting allow all users to NO. Setting all users privileges to 1073742079. Done.
1 ACCEPTED SOLUTION

davidacland
Honored Contributor II

It might be easier with dseditgroup:

/usr/sbin/dseditgroup -o edit -a admin1 -t user com.apple.access_ssh

If you do it as root it shouldn't ask for a password.

View solution in original post

5 REPLIES 5

Kedgar
Contributor

In the past I have broken down this from one line into maybe three or four different iterations. I've not tried for instance to use multiple -clientopts in the command. Now this has nothing to do at all with ssh access. You have to validate your admin user is part of the administration group... and also make sure that ssh is enabled and allowed for admins only.

davidacland
Honored Contributor II

I didn't think ARD kickstart could do anything with SSH?

I normally enable ssh with:

systemsetup -setremotelogin on

and control access with the com.apple.access_ssh group.

ImAMacGuy
Valued Contributor II

i tried adding the user manually via

dseditgroup -o edit -n /Local/Default -u admin1 -p <password> -a admin1 -t user com.apple.access_ssh

but it pauses on waiting for the users password and doesn't allow the script to finish.

davidacland
Honored Contributor II

It might be easier with dseditgroup:

/usr/sbin/dseditgroup -o edit -a admin1 -t user com.apple.access_ssh

If you do it as root it shouldn't ask for a password.

ImAMacGuy
Valued Contributor II

Perfect! thank you @davidacland