SSH Connection Refused

TomDay
Release Candidate Programs Tester

Been running in circles for a while with this. I can SSH successfully into an enrolled computer using our jamf management account: "ssh jamfadmin@ipadress"

However if I try to use the local Administrator account "ssh Administrator@ipadress" I get the error "Connection closed by 10.200.0.103 port 22" after entering the password. I know for a fact I am entering the correct password because if I ssh in successfully with "ssh jamfadmin@ipadress" and then enter "su Administrator" and enter that same Administrator password, the account switches to Administrator as designed.

What the heck am I missing here?

1 ACCEPTED SOLUTION

sdagley
Honored Contributor III

@TomDay System Preferences->Sharing->Remote Login. Is "Allow Access for:" set to "All users", or is the Administrator account listed under "Only these users:"

View solution in original post

5 REPLIES 5

sdagley
Honored Contributor III

@TomDay System Preferences->Sharing->Remote Login. Is "Allow Access for:" set to "All users", or is the Administrator account listed under "Only these users:"

TomDay
Release Candidate Programs Tester

@sdagley TY, I was assuming "All users", but should really confirm. I don't have physical access to the machines I am testing, is there a way I can check remotely?

sdagley
Honored Contributor III

@TomDay If /usr/bin/dscl . -read /Groups/com.apple.access_ssh | grep GroupMembership | grep -w Administrator returns anything when run on your remote Mac then Administrator is enabled for ssh. If the result is empty, it isn't.

TomDay
Release Candidate Programs Tester

TYVM @sdagley I'll test on Tuesday, wrapping up for the long wkd.

TomDay
Release Candidate Programs Tester

@sdagley Thx for your help with this. Settings for our computers should be "Only these users", so I needed to get theAdministrator account into the proper group. Found a script on Jamfnation from @ssrussell (thanks for that!) and edited it a bit:

#!/bin/sh

# turn ssh on
systemsetup -setremotelogin on


#Add Administrator to Remote Login access list
dseditgroup -o edit -a "$4" -t user com.apple.access_ssh

# restart ssh
launchctl unload /System/Library/LaunchDaemons/ssh.plist
sleep 5
launchctl load -w /System/Library/LaunchDaemons/ssh.plist

exit 0

https://www.jamf.com/jamf-nation/discussions/33372/enable-ssh-from-jamf-for-specific-user