Setting access controls on SSH
Want SSH on, but want controls over who can log into it? On Mac OS X 10.5.x and higher, you can set this with a SACL for the SSH service.
Command to create the SACL (if it doesn’t already exist):
dseditgroup -o create -q com.apple.access_ssh
Add your user to the SACL group:
dseditgroup -o edit -a myuser -t user com.apple.access_ssh
(replace “myuser” with the shortname of your own account.)
With the SACL in place, only your account (and any others you add) will be able to log in to your Mac via SSH. You can also modify this setting through the Sharing pane of your System Preferences.