Need to disable Remote Login in MAC OS X

NEGIA · January 28, 2016, 11:12am

Need help to creating a relevance fixlet to identify whether the Remote Login option is checked or unchecked in System Pref>Sharing>Remote Login or not.

jgstew · January 28, 2016, 11:59pm

What plist is this setting controlled by?

NEGIA · January 29, 2016, 5:38am

Hi, I am referring com.apple.access_ssh.plist , although the solution has already been available in bigfix form. refer below relevance…

not (if (system version < "10.10") then (exists file "/var/db/launchd.db/com.apple.launchd/overrides.plist" whose (exists dictionary "com.openssh.sshd" whose (exists boolean "Disabled" whose (it = False) of it) of dictionary of it)) else (exists file "/var/db/com.apple.xpc.launchd/disabled.plist" whose (exists boolean "com.openssh.sshd" whose (it = False) of dictionary of it)) AND (not exists file "/var/db/dslocal/nodes/Default/groups/com.apple.access_ssh-disabled.plist") AND (exists file "/var/db/dslocal/nodes/Default/groups/com.apple.access_ssh.plist" whose (exists array "nestedgroups" whose (concatenation ", " of strings of values of it contains (string of values of array "generateduid" of dictionary of file "/var/db/dslocal/nodes/Default/groups/admin.plist")) of dictionary of it)))

But the requirement to check whether the “Remote Login” option is enabled or not in MAC OS X 10.10.

jgstew · January 29, 2016, 7:48pm

Where is this plist located? What is the absolute path?

NEGIA · February 1, 2016, 5:06am

Hi, the location is : /var/db/dslocal/nodes/Default/groups/com.apple.access_ssh.plist

Please Note : The VAR directory is hidden, you need to unhide this to see subfolders.

jgstew · February 2, 2016, 6:31am

Oh, sorry. I didn’t see that in the relevance until you included it in your reply by itself. It was a bit hard to tell what was what in all of that relevance.

jgstew · February 2, 2016, 6:54am

An example:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
	<key>comment</key>
	<array>
		<string>SSH Service ACL</string>
	</array>
	<key>generateduid</key>
	<array>
		<string>-redacted-</string>
	</array>
	<key>gid</key>
	<array>
		<string>123</string>
	</array>
	<key>name</key>
	<array>
		<string>com.apple.access_ssh</string>
	</array>
	<key>nestedgroups</key>
	<array>
		<string>-redacted-</string>
	</array>
	<key>passwd</key>
	<array>
		<string>*</string>
	</array>
	<key>realname</key>
	<array>
		<string>SSH Service ACL</string>
	</array>
</dict>
</plist>

Are you certain this is the plist that is changed when that box is checked or unchecked?

NEGIA · February 2, 2016, 10:45am

Nothing is going to change in this plist, when I am checking or unchecking the remote login checkbox.

jgstew · February 4, 2016, 5:30am

What does change when you check or uncheck the remote login box? It is most likely a plist, but I have no idea where.

Once that is known, then relevance can be written against that location to determine the current state of the checkbox, and then actionscript can be written to change it.

VIJJA · February 5, 2016, 8:55am

That is the main concern, I am also searching where the contents or value is updating under Plist … but only the time stamp is changing nothing else during check or uncheck the option.

Need guidance on this…