- Jamf Nation Community
- Products
- Jamf Pro
- SSH Connection Refused
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 01-15-2021 10:48 AM
Been running in circles for a while with this. I can SSH successfully into an enrolled computer using our jamf management account: "ssh jamfadmin@ipadress"
However if I try to use the local Administrator account "ssh Administrator@ipadress" I get the error "Connection closed by 10.200.0.103 port 22" after entering the password. I know for a fact I am entering the correct password because if I ssh in successfully with "ssh jamfadmin@ipadress" and then enter "su Administrator" and enter that same Administrator password, the account switches to Administrator as designed.
What the heck am I missing here?
Solved! Go to Solution.
Labels:
- Labels:
-
Settings and Security Management
1 ACCEPTED SOLUTION
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 01-15-2021 12:26 PM
@TomDay System Preferences->Sharing->Remote Login. Is "Allow Access for:" set to "All users", or is the Administrator account listed under "Only these users:"
5 REPLIES 5
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 01-15-2021 12:26 PM
@TomDay System Preferences->Sharing->Remote Login. Is "Allow Access for:" set to "All users", or is the Administrator account listed under "Only these users:"
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 01-15-2021 12:30 PM
@sdagley TY, I was assuming "All users", but should really confirm. I don't have physical access to the machines I am testing, is there a way I can check remotely?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 01-15-2021 01:16 PM
@TomDay If /usr/bin/dscl . -read /Groups/com.apple.access_ssh | grep GroupMembership | grep -w Administrator returns anything when run on your remote Mac then Administrator is enabled for ssh. If the result is empty, it isn't.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 01-15-2021 01:34 PM
TYVM @sdagley I'll test on Tuesday, wrapping up for the long wkd.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 01-20-2021 11:00 AM
@sdagley Thx for your help with this. Settings for our computers should be "Only these users", so I needed to get theAdministrator account into the proper group. Found a script on Jamfnation from @ssrussell (thanks for that!) and edited it a bit:
#!/bin/sh
# turn ssh on
systemsetup -setremotelogin on
#Add Administrator to Remote Login access list
dseditgroup -o edit -a "$4" -t user com.apple.access_ssh
# restart ssh
launchctl unload /System/Library/LaunchDaemons/ssh.plist
sleep 5
launchctl load -w /System/Library/LaunchDaemons/ssh.plist
exit 0https://www.jamf.com/jamf-nation/discussions/33372/enable-ssh-from-jamf-for-specific-user
Reply
