SSH enables itself

perryd84
Contributor III

Hi All,

We've been requested to disabled SSH on all our macbooks by our security team as its been highlighted as a risk when connected to public wifi.
So I wrote a script to disable it and it was working fine.

But, I'm now seeing all the devices which had it disabled are all slowly turning it back on. I've looked through logs and cant figure out what is turning it back on. We don't have SSH enabled at enrolment anymore and I have no SSH settings in any config profiles or policies so I'm baffled as to what is turning it back on.

Anyone else ever come across this or know a way to disable SSH for good?

5 REPLIES 5

mschroder
Valued Contributor

If you disabled it by editing the ssh config files you probably suffer from the fact that many system updates overwrite these files. This is a permanent struggle for people that modify ssh or sshd config files...

perryd84
Contributor III

I run a script to check if its enabled and if any users are assigned as remote admins and then remove all those users and run "sudo systemsetup -setremotelogin off"
It turns back on in a day or 2 as if once if checks back into Jamf theres something turning it on.

samuellarsson
New Contributor III

I see the same behaviour. Did you find what caused this?

perryd84
Contributor III

I never found what was causing it to enable itself again but I added another line to the disable script which seems to have sorted it out for us.

sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -deactivate -configure -access -off
sudo systemsetup -f -setremotelogin off

Do you mind sharing your whole script?