"Secure SSH" combined with hidden local admin account broken?

donmontalvo
Esteemed Contributor III

Is anyone else having a problem with using "Secure SSH" in conjunction with a hidden local admin account during imaging time?

Hiding the local admin account through JSS seems to result in a "broken" ACL for SSH...

http://donmontalvo.com/jamf/secure_ssh_hidden_admin_acct/Hidden_local_admin_acct_locked_out.jpg
http://donmontalvo.com/jamf/secure_ssh_hidden_admin_acct/Secure_SSH_feature_in_JSS_7.31.jpg
http://donmontalvo.com/jamf/secure_ssh_hidden_admin_acct/Sharing_SSH_settings.png

Thanks,
Don

--
https://donmontalvo.com

jarednichols
Honored Contributor

Ensure your ssh account belongs to the group com.apple.access_ssh. Being a
hidden account, it won't show up in the GUI there in Sharing.  You need to
make sure it's there via dscl.
-- 
Jared F. Nichols
Desktop Engineer, Client Services
Information Services Department
MIT Lincoln Laboratory
244 Wood Street
Lexington, Massachusetts 02420
781.981.5436

Bukira
Contributor

You can use Workgroup Manager to make sure it is.

Criss Myers
Senior Customer Support Analyst (Mac Services)
iPhone / iPad Developer
Apple Certified Technical Coordinator v10.5
LIS Development Team
Adelphi Building AB28
University of Central Lancashire
Preston PR1 2HE
Ex 5054
01772 895054

jarednichols
Honored Contributor

pffft. Using the GUI is a sign of weakness.

;)

Bukira
Contributor

nah :-) make life easy for yaself :-)

Do you not use Casper Admin? That's a GUI :-)

ernstcs
Contributor III

Actually, Jared writes everything to the db in mysql terminal...he’s that hardcore!

Craig E

On 8/4/10 8:39 AM, "Criss Myers" <cmyers at uclan.ac.uk> wrote:

nah :-) make life easy for yaself :-)

Do you not use Casper Admin? thats a GUI :-)

jarednichols
Honored Contributor

After all, the Matrix is best seen in its native form…

tlarkin
Honored Contributor

How was this account created? If remote login is enabled I am almost certain the user can ssh, unless you set it to certain users specifically.

Also command line is always faster and once you get the commands down you can then proceed to achieve automation.

donmontalvo
Esteemed Contributor III

Tom, Craig, Jared, Criss...thanks for all your responses. After some troubleshooting with John Miller (welcome to JAMF, John!), we found the issue.

Diagnosis: brain fart. I had the admin name spelled wrong.

I'm so ashamed....if anyone needs me, I'll be in purgatory.

Don

--
https://donmontalvo.com
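
An added example, not part of any post in this thread: a shell check for the failure diagnosed above (a misspelled admin name in the SSH ACL), built on Jared's advice to inspect `com.apple.access_ssh` with dscl. It parses the group's `GroupMembership` line and reports names that match no local account; the account names `casperadmn`, `casperadmin` and `jsmith` are constructed sample values.

```shell
#!/bin/sh
# Audit the SSH access group for entries that match no local account.
# On a Mac the two inputs come from:
#   dscl . -read /Groups/com.apple.access_ssh GroupMembership
#   dscl . -list /Users
# Only direct user members are checked; nested groups are not expanded.

# acl_members DSCL_OUTPUT: print one member per line from a
# "GroupMembership: a b c" line; prints nothing if the key is absent.
acl_members() {
    printf '%s\n' "$1" \
        | sed -n 's/^GroupMembership:[[:space:]]*//p' \
        | tr -s ' ' '\n' \
        | sed '/^$/d'
}

# in_ssh_acl DSCL_OUTPUT ACCOUNT: succeed only on an exact name match.
in_ssh_acl() {
    acl_members "$1" | grep -qxF -- "$2"
}

# orphaned_acl_entries DSCL_OUTPUT USER_LIST: print ACL members that are
# not in USER_LIST (one account per line), e.g. a misspelled admin name.
orphaned_acl_entries() {
    acl_members "$1" | while IFS= read -r member; do
        printf '%s\n' "$2" | grep -qxF -- "$member" || printf '%s\n' "$member"
    done
}

# Constructed sample data: the ACL names "casperadmn", but the hidden
# account that actually exists is "casperadmin".
SAMPLE_ACL='GroupMembership: casperadmn jsmith'
SAMPLE_USERS='_www
casperadmin
jsmith
root'

# Live check, only where dscl exists (macOS).
if command -v dscl >/dev/null 2>&1; then
    acl=$(dscl . -read /Groups/com.apple.access_ssh GroupMembership 2>/dev/null || true)
    users=$(dscl . -list /Users)
    orphaned_acl_entries "$acl" "$users"
fi
```

Any name printed by the live check is in the SSH ACL but is not a local account, which is the state that locked out the hidden admin here.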

rmanly
Contributor III

:D Awesome…. lol :D ;)

Ryan M. Manly
Glenbrook High Schools

tlarkin
Honored Contributor

All Wizards have beards, including Unix wizards :) *strokes beard
while writing this email*