When I run
sudo dscl . -append /Groups/com.apple.access_ssh GroupMembership $USERNAME
I get
append: Invalid Path
<dscl_cmd> DS Error: -14009 (eDSUnknownNodeName)
Asked
Active
Viewed 1,802 times
1
tomekfranek
- 143
- 6
2 Answers
3
Here’s how you can add groups to your SSH access list (aka a SACL). All commands must be run with root privileges:
Command to create the SACL (if it doesn’t already exist):
dseditgroup -o create -q com.apple.access_ssh
Add your group as a nested group inside the SACL group:
dseditgroup -o edit -a group_name_here -t group com.apple.access_ssh
If you’re adding an AD group, you may need to add the AD domain’s name:
dseditgroup -o edit -a DOMAIN\group_name_here -t group com.apple.access_ssh
Rich Trouton
- 131
- 2
-
After trying so many different things, including using the `kickstart` utility, this finally fixed the problem I had in which the connection was successful, login was successful, but then the connection was immediately closed with "`PAM: user account has expired for ...`" - so thank you, I hope this helps others with the same problem. – Robert Muil Oct 02 '19 at 14:29
2
I just looked at my copy of Mountain Lion and the com.apple.access_ssh group doesn't exist until you've actually turned on "Remote Login" in System Preferences.
When you turn on Remote Desktop AND set it to "Allow access for: Only these users", then there is a group called "com.apple.access_ssh". When you set it back to ""Allow access for: All users", the name of the group is changed to "com.apple.access_ssh-disabled".
AlanGBaker
- 286
- 1
- 5