SSH access by users is controlled by the local copy of Directory Services. (Controlled using dscl) First off run dscl. List /Groups grep 'accessssh'. If the returned value says com.apple.accessssh-disabled then all users have SSH access. If not, then we need to give the user access. To add the user you need to run: sudo dscl. Append /Groups/com.apple.accessssh user USERNAME (replace USERNAME with the short username of the user) as well as: sudo dscl.
Append /Groups/com.apple.accessssh groupmembers `dscl. Read /Users/USERNAME GeneratedUID cut -d ' ' -f 2` (replace USERNAME with short username as well) (The last bit is thanks to ) To add/enable Remote Management for only specific users (Add VNC flags from if you want VNC): sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -activate -configure -users short,usernames,seperated,by,commas -access -on -restart -agent -privs -all -allowAccessFor -specifiedUsers Find out more by running sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -h. Enable Remote Desktop via command line: sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -activate -configure -access -on -clientopts -setvnclegacy -vnclegacy yes -clientopts -setvncpw -vncpw mypasswd -restart -agent -privs -all Turn off screen sharing: sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -deactivate -configure -access -off EDIT OK, I may have misunderstood your question. By 'Remote Access' I presumed you meant remote desktop, but now I see you just want to enable ssh access for the other account, right? My answer gets you halfway there.
![]() ![]()
I have set up file sharing and controlled access by adding a specific 'file sharing' user, this is password protected. The only way this works is by turning 'on' file sharing. It does state underneath that this will 'allow administrators to access all volumes'. So far I've tried disabling guest access in the 'Users and groups' system preferences. I also tried adding a single shared folder in the 'Sharing' system preferences, but that single shared folder won't allow me to specify who can 'read and write'. It currently has my admin account as 'read and write', with staff and everyone with 'read only'.
After enabling Remote Desktop as shown, then connect with the remote Mac to change the user's ssh access via System Prefs. To connect to the remote Mac, go to the Finder and select Connect to Server under the Go menu. Type in the Server Address for your computer: vnc://x.x.x.x Where x.x.x.x is the remote computer's IP address or URI. Since you connected with ssh, I presume you already know this. Now you can use the Remote Desktop to navigate to System Prefs Accounts and click the box to allow the other account to log in to the computer.
Ssh access is granted to members of the com.apple.accessssh group. This is the group that you're editing when you make access modifications to the Remote Login service through the Sharing pref pane. While dscl can be use to edit group memberships (as described in other answers), dseditgroup is a cleaner way to modify the com.apple.accessssh group memberships from the command line. To add a user: sudo dseditgroup -o edit -t user -a USERNAME com.apple.accessssh to remove a user: sudo dseditgroup -o edit -t user -d USERNAME com.apple.accessssh.
Comments are closed.
|
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |