Skip to main content
Solved

SSH Connection Refused

T
Forum|alt.badge.img+22
  • TomDay
  • Honored Contributor
  • 289 replies

Been running in circles for a while with this. I can SSH successfully into an enrolled computer using our jamf management account: "ssh jamfadmin@ipadress"

However if I try to use the local Administrator account "ssh Administrator@ipadress" I get the error "Connection closed by 10.200.0.103 port 22" after entering the password. I know for a fact I am entering the correct password because if I ssh in successfully with "ssh jamfadmin@ipadress" and then enter "su Administrator" and enter that same Administrator password, the account switches to Administrator as designed.

What the heck am I missing here?

Best answer by sdagley

@TomDay System Preferences->Sharing->Remote Login. Is "Allow Access for:" set to "All users", or is the Administrator account listed under "Only these users:"

View original
    Did this topic help you find an answer to your question?

    5 replies

    sdagley
    Forum|alt.badge.img+25
    • sdagley
    • Jamf Heroes
    • 3539 replies
    • Answer
    • January 15, 2021

    @TomDay System Preferences->Sharing->Remote Login. Is "Allow Access for:" set to "All users", or is the Administrator account listed under "Only these users:"

    T
    Forum|alt.badge.img+22
    • TomDay
    • Author
    • Honored Contributor
    • 289 replies
    • January 15, 2021

    @sdagley TY, I was assuming "All users", but should really confirm. I don't have physical access to the machines I am testing, is there a way I can check remotely?

    sdagley
    Forum|alt.badge.img+25
    • sdagley
    • Jamf Heroes
    • 3539 replies
    • January 15, 2021

    @TomDay If /usr/bin/dscl . -read /Groups/com.apple.access_ssh | grep GroupMembership | grep -w Administrator returns anything when run on your remote Mac then Administrator is enabled for ssh. If the result is empty, it isn't.

    T
    Forum|alt.badge.img+22
    • TomDay
    • Author
    • Honored Contributor
    • 289 replies
    • January 15, 2021

    TYVM @sdagley I'll test on Tuesday, wrapping up for the long wkd.

    T
    Forum|alt.badge.img+22
    • TomDay
    • Author
    • Honored Contributor
    • 289 replies
    • January 20, 2021

    @sdagley Thx for your help with this. Settings for our computers should be "Only these users", so I needed to get theAdministrator account into the proper group. Found a script on Jamfnation from @ssrussell (thanks for that!) and edited it a bit:

    #!/bin/sh

# turn ssh on
systemsetup -setremotelogin on


#Add Administrator to Remote Login access list
dseditgroup -o edit -a "$4" -t user com.apple.access_ssh

# restart ssh
launchctl unload /System/Library/LaunchDaemons/ssh.plist
sleep 5
launchctl load -w /System/Library/LaunchDaemons/ssh.plist

exit 0

    https://www.jamf.com/jamf-nation/discussions/33372/enable-ssh-from-jamf-for-specific-user

    bern
    whiteb
    2 people like this
    • bern
      bern
    • whiteb
      whiteb

    Reply


    Most helpful members this week

    Terms & ConditionsCookie settingsAccessibility statement

    Cookie policy

    We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

     
    Cookie settings