InstaDMG SSH script?

  • #379737
    nobrainer
    Participant

    I’ve followed the wiki to make an InstaDMG image, and I think I’ve got most everything worked out, except for some SSH problems.
    After I image the machine, our deploy account isn’t functioning. I can sign in with the account locally, so I know it’s there, but I can’t push software or anything remotely. This prevents me from running inventory updates, software updates, software deployments, etc. When I try to do any updates remotely, the logs list Authenticating… 3x, then it exits out.

    I think it has to do with the following in the firstboot.pkg file:
    [code]
    # Kerberos-Enabled SSH Authentication. Also specifies which specific groups are allowed to ssh.
    echo "Enable Kerberos SSH"
    echo KerberosAuthentication yes >> /etc/sshd_config
    echo KerberosOrLocalPasswd yes >> /etc/sshd_config
    echo AllowGroups domain\admingrp >> /etc/sshd_config
    echo AllowUsers adminact deployacct >> /etc/sshd_config
    [/code]
    Can someone kind of go over what I’m doing wrong?

    #379738
    Allister Banks
    Participant

    Hey there,

    I do this as part of an updated createUser I altered:

    [code]
    if [ "$kick_SSH" -eq 1 ]; then
        # wipe the disabled launchd key in the ssh.plist on the target to allow launchctl to load it
        /usr/libexec/PlistBuddy -c "Delete Disabled" "${TARGET_DIR}/System/Library/LaunchDaemons/ssh.plist"
        # make the ssh group
        $serviceCmd "$dsNode" $suffix -create $sshAccessGroupPath || exit 1
        $serviceCmd "$dsNode" $suffix -create $sshAccessGroupPath realname "Remote Login ACL"
        $serviceCmd "$dsNode" $suffix -create $sshAccessGroupPath gid 404
        # add our user to the ssh group
        $serviceCmd "$dsNode" $suffix -merge $sshAccessGroupPath $groupKey "${shortname}"
    fi
    [/code]

    This can be modified to run at first boot with four dscl commands and a launchctl load.

    Hope that’s breadcrumbs for you,

    Allister
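
Added example, not part of either post: a shell check of how the two Allow* lines in the question's firstboot snippet interact. sshd evaluates AllowUsers and then AllowGroups, and an account must pass both when both are set; the unquoted backslash in `domain\admingrp` is also consumed by the shell before it reaches the file. The function names, the scratch file and the `staff` membership are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the thread). Literal name matching only: no sshd
# wildcards or user@host patterns. Group membership is passed in by the caller.

# Constructed sample: the question's two Allow* lines, written unquoted exactly
# as firstboot does, but to a scratch file instead of /etc/sshd_config.
make_sample() {
    echo AllowGroups domain\admingrp >> "$1"
    echo AllowUsers adminact deployacct >> "$1"
}

# collect_values FILE KEYWORD: every value given for KEYWORD (repeats accumulate).
collect_values() {
    awk -v kw="$2" 'tolower($1) == tolower(kw) { for (i = 2; i <= NF; i++) print $i }' "$1"
}

# ssh_allowed FILE USER "GROUP ...": AllowUsers is checked first, then
# AllowGroups; when both are set the account must pass both.
ssh_allowed() {
    conf=$1; acct=$2; member_of=$3
    allow_users=$(collect_values "$conf" AllowUsers)
    allow_groups=$(collect_values "$conf" AllowGroups)
    if [ -n "$allow_users" ] && ! printf '%s\n' "$allow_users" | grep -Fxq -- "$acct"; then
        echo "$acct: denied, not listed in AllowUsers"; return 1
    fi
    if [ -n "$allow_groups" ]; then
        hit=0
        for g in $member_of; do
            if printf '%s\n' "$allow_groups" | grep -Fxq -- "$g"; then hit=1; fi
        done
        if [ "$hit" -eq 0 ]; then
            echo "$acct: denied, none of its groups is in AllowGroups"; return 1
        fi
    fi
    echo "$acct: allowed"
}

sample=$(mktemp)
make_sample "$sample"
cat "$sample"                                   # what actually landed in the file
ssh_allowed "$sample" deployacct "staff" || :   # "staff" is an assumed membership
# Single-quoted printf keeps the backslash in the group name.
printf '%s\n' 'AllowGroups domain\admingrp' 'AllowUsers adminact deployacct' > "$sample"
ssh_allowed "$sample" deployacct 'staff domain\admingrp' || :
rm -f "$sample"
```

On a live machine, `id -Gn deployacct` lists the groups to pass as the third argument.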
