Home > Mac administration, Mac OS X > Setting access controls for SSH Part 2

Setting access controls for SSH Part 2

As a follow-up to my earlier blog entry on setting SSH access controls, here’s how you can add groups to your SSH SACL:

Command to create the SACL (if it doesn’t already exist):

dseditgroup -o create -q com.apple.access_ssh

Add your group as a nested group inside the SACL group:

dseditgroup -o edit -a “group name” -t group com.apple.access_ssh

If you’re adding an AD group, you may need to add the AD domain’s name:

dseditgroup -o edit -a “DOMAIN\group name” -t group com.apple.access_ssh

  1. June 11, 2012 at 8:45 pm

    Thanks for all the information. Your site is always informative, inspiring and insightful.

    Any advice for adding a NIS group with dseditgroup for use with ssh?

  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

Join 164 other followers

%d bloggers like this: