Use ARD instead of ssh

kplack
New Contributor

I have a few hundred laptops already out with the students and im trying to remotely enroll them but i did not turn remote login on. I have remote management turned on because i use Apple Remote Desktop. Is there a way to change remote enrollment to use the ARD ports instead of the ssh ports? I really dont want to physically change the setting on each laptop in order to use this product.

9 REPLIES 9

pbenham
Contributor

Why don't you use ARD to enable SSH (Remote Management) on the laptops. There's even a 'Send UNIX command' template in ARD that does just that.

RobertHammen
Valued Contributor II

You may be able to use ARD to turn on SSH.

Not sure if one of these commands, run as root, will do the trick for you:

jamf startSSH

(if they're already enrolled in the JSS) or

systemsetup -setremotelogin on

I don't know if this will enable ssh for all users - something you probably want to control with greater detail.

To specify users to allow ssh access, follow the advice on dseditgroup mentioned in this blog link:

http://macadmincorner.com/securing-ssh/

rtrouton
Release Candidate Programs Tester

SSH can also be enabled using Casper. You should be able to set up a policy that is scoped to machines that don't have remote login turned on, then use the following command to turn on SSH:

systemsetup -setremotelogin on

kplack
New Contributor

I tried running the systemsetup -setremotelogin on command via ard but i get the error

You need administrator access to run this tool... exiting!

if i run sudo systemsetup -setremotelogin

i get sudo: no tty present and no askpass program specified

pbenham
Contributor

Are you using 'root' as the user in the Send UNIX command screen?

kplack
New Contributor

i am using the local admin account for the laptop

pbenham
Contributor

I mean like this...

external image link

RobertHammen
Valued Contributor II

^^^^exactly right. And you don't need to have the root login enabled for that to work (you generally shouldn't, as a rule).

kplack
New Contributor

you guys are the best :)