Enable SSH from Command line and limit it's use to the Admin Group
Like I have written about before, at my shop we use Dell’s KACE 1000 system for deploying updates to our architecture. KACE requires the Remote Login Service in System Preferences > Sharing turned on and set to Admin group only. The problem is our 400 macs don’t have that setting applied to them, so basically KACE cannot touch them or push anything to them remotely. Luckily as a side tool, we also use Apple Remote Desktop, a great remote access tool from Apple, that although its showing it’s age, it is still quite useful for doing jobs that requires scripts to be run to a large group of computers.
I came up with a way to enable SSH remotely and make it accessible to an Admin group and all done from the Command Line.
If you know me, I am always looking for ways to zero-touch deployments with less effort. In that vein, I threw together a script which can be deployed with Apple Remote Desktop. This script allows you to Enable SSH from Command line and limit it’s use to the Admin Group. Using this prevents you from having to go into your base image and manually configure SSH. The script can also be run locally on an existing machine that doesn’t have ssh enabled or limited to the admin group. It works great with Apple Remote Desktop, Filewave 8.0 or Casper. The script works with 10.8.5 and 10.9.3.