Skip to main content
Solved

SSH Connection Refused


Forum|alt.badge.img+22
  • Honored Contributor
  • 289 replies

Been running in circles for a while with this. I can SSH successfully into an enrolled computer using our jamf management account: "ssh jamfadmin@ipadress"

However if I try to use the local Administrator account "ssh Administrator@ipadress" I get the error "Connection closed by 10.200.0.103 port 22" after entering the password. I know for a fact I am entering the correct password because if I ssh in successfully with "ssh jamfadmin@ipadress" and then enter "su Administrator" and enter that same Administrator password, the account switches to Administrator as designed.

What the heck am I missing here?

Best answer by sdagley

@TomDay System Preferences->Sharing->Remote Login. Is "Allow Access for:" set to "All users", or is the Administrator account listed under "Only these users:"

View original
Did this topic help you find an answer to your question?

5 replies

sdagley
Forum|alt.badge.img+25
  • Jamf Heroes
  • 3539 replies
  • Answer
  • January 15, 2021

@TomDay System Preferences->Sharing->Remote Login. Is "Allow Access for:" set to "All users", or is the Administrator account listed under "Only these users:"


Forum|alt.badge.img+22
  • Author
  • Honored Contributor
  • 289 replies
  • January 15, 2021

@sdagley TY, I was assuming "All users", but should really confirm. I don't have physical access to the machines I am testing, is there a way I can check remotely?


sdagley
Forum|alt.badge.img+25
  • Jamf Heroes
  • 3539 replies
  • January 15, 2021

@TomDay If /usr/bin/dscl . -read /Groups/com.apple.access_ssh | grep GroupMembership | grep -w Administrator returns anything when run on your remote Mac then Administrator is enabled for ssh. If the result is empty, it isn't.


Forum|alt.badge.img+22
  • Author
  • Honored Contributor
  • 289 replies
  • January 15, 2021

TYVM @sdagley I'll test on Tuesday, wrapping up for the long wkd.


Forum|alt.badge.img+22
  • Author
  • Honored Contributor
  • 289 replies
  • January 20, 2021

@sdagley Thx for your help with this. Settings for our computers should be "Only these users", so I needed to get theAdministrator account into the proper group. Found a script on Jamfnation from @ssrussell (thanks for that!) and edited it a bit:

#!/bin/sh

# turn ssh on
systemsetup -setremotelogin on


#Add Administrator to Remote Login access list
dseditgroup -o edit -a "$4" -t user com.apple.access_ssh

# restart ssh
launchctl unload /System/Library/LaunchDaemons/ssh.plist
sleep 5
launchctl load -w /System/Library/LaunchDaemons/ssh.plist

exit 0

https://www.jamf.com/jamf-nation/discussions/33372/enable-ssh-from-jamf-for-specific-user


Reply


Cookie policy

We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

 
Cookie settings