I’m trying to write a relevance for enabling remote login (sshd) for OS X.
The plist file at /System/Library/LaunchDaemons/ssh.plist has a disabled key when it is turned off.
Here is what it would look like when off:
<?xml version="1.0" encoding="UTF-8"?>
Disabled
Label
com.openssh.sshd
Program
/usr/libexec/sshd-keygen-wrapper
ProgramArguments
/usr/sbin/sshd
-i
SHAuthorizationRight
system.preferences
SessionCreate
Sockets
Listeners
Bonjour
ssh
sftp-ssh
SockServiceName
ssh
StandardErrorPath
/dev/null
inetdCompatibility
Wait
When it’s on, the Disabled key is removed.
What relevance can I use to determine if the key disabled is true? I’ve tried this:
(exists string “Disabled” whose (it contains “true”) of dictionary of it) of file “/System/Library/LaunchDaemons/ssh.plist”
This continues to return false.
I don’t think I’m using the correct dictionary terms, what can I use to check for this? Checking this on 10.5 and 10.4, not 10.6 (it doesn’t seem to work on 10.6)
When I get the correct relevance, I use this command to start it:
Q: booleans of values of entries whose (key of it is “Disabled”) of dictionaries of file “/System/Library/LaunchDaemons/ssh.plist”
A: True
But when I change the “Remote Login” preference I don’t see true/false change in “/System/Library/LaunchDaemons/ssh.plist” (when I manually check the file). Perhaps Apple caches the change until shutdown or logout?
Thanks Noah. This seems to work OK for my 10.5.8 test machine in QnA. When I turn on remote login it returns true, when I turn off remote login it returns blank.
However, when I put this into a task, it doesn’t find any relevant machines. Here’s the full relevance:
((name of operating system contains “Mac OS X”)
AND
(booleans of values of entries whose (key of it is “Disabled”) of dictionaries of file “/System/Library/LaunchDaemons/ssh.plist”))
I also noticed that the ssh.plist doesn’t change the Disabled key, but only on 10.6 machines. What OS X version are you on?
Got an update on 10.6, looks like they moved the plist for sshd to /private/var/db/launchd.db/com.apple.launchd/overrides.plist
Here is an example of the plist:
<?xml version="1.0" encoding="UTF-8"?>
com.openssh.sshd
Disabled
I’m going to try to figure it out myself, but if anyone can chime in with an answer, I’ll take it.
I’ve tried:
boolean “Disabled” of key “com.openssh.sshd” of preference “/private/var/db/launchd.db/com.apple.launchd/overrides.plist”
exists key “Disabled” of key “com.openssh.sshd” of file “/private/var/db/launchd.db/com.apple.launchd/overrides.plist”
booleans of “com.openssh.sshd” of entries whose (key of it is “Disabled”) of dictionaries of files “/private/var/db/launchd.db/com.apple.launchd/overrides.plist”
exists entry “true” of key “Disabled” of “/private/var/db/launchd.db/com.apple.launchd/overrides.plist”
exists dictionary “true” of dictionary “Disabled” of dictionary “/private/var/db/launchd.db/com.apple.launchd/overrides.plist”
Thanks to some awesome help locally, I’ve got the correct answer:
exists (values of entries whose (key of it is “Disabled”) of dictionaries of file “/System/Library/LaunchDaemons/ssh.plist”)
will find 10.5 machines that do not have Remote Login enabled.
exists (values of entries whose (key of it is “Disabled”) of dictionary “com.openssh.sshd” of dictionaries of file “/private/var/db/launchd.db/com.apple.launchd/overrides.plist ")
will find machines 10.6 machines that don’t have remote desktop enabled.
I’ve been watching this thread with quite some interest. We’ve got a few Macs in house with little expertise. If you can share your task / fixlet that modifies those settings I’d be greatful.
John, No Problem! The 10.6 relevance doesn’t work yet, but the 10.4-5 does.
This relevance is used for the 10.4 - 10.5 machines:
((system version >= 10.4) AND (system version < 10.6)) AND (exists (values of entries whose (key of it is Disabled) of dictionaries of file /System/Library/LaunchDaemons/ssh.plist))
The script that runs is a sh script:
sudo /sbin/service ssh start
The relevance for 10.6 is different, but were still working on it, however, the action script is the same. I’ll be updating the thread when we get the relevance corrected for 10.6.
exists ((booleans of values of entries whose (key of it is "Disabled") of dictionary "com.openssh.sshd" of dictionaries of file "/users/mdb/documents/test.plist")) whose (it = False)
Also, I just tested your command and can confirm that it did in fact update my .Plist file in 10.5.8. It also seems to update the .Plist file if updating the setting via the GUI.
The relevance for 10.6 should be looking for true, not false. It’s disabled when the key is true, so the relevance is:
exists ((booleans of values of entries whose (key of it is “Disabled”) of dictionary “com.openssh.sshd” of dictionaries of file “/users/mdb/documents/test.plist”)) whose (it = true)
Ah, you’re right. Also, it shouldn’t point to my documents folder. My bad
exists ((booleans of values of entries whose (key of it is "Disabled") of dictionary "com.openssh.sshd" of dictionaries of file "/private/var/db/launchd.db/com.apple.launchd/overrides.plist")) whose (it = true)
