Setting access controls for SSH Part 2

As a follow-up to my earlier blog entry on setting SSH access controls, here’s how you can add groups to your SSH SACL:

Command to create the SACL (if it doesn’t already exist):

dseditgroup -o create -q com.apple.access_ssh

Add your group as a nested group inside the SACL group:

dseditgroup -o edit -a “group name” -t group com.apple.access_ssh

If you’re adding an AD group, you may need to add the AD domain’s name:

dseditgroup -o edit -a “DOMAIN\group name” -t group com.apple.access_ssh