Today morning I got a request from Green IT folks to enabled SSH on all the Macs that we have in Enterprise. Currently SSH is not enabled on clients and not even the Admins are allowed to do so. As it was against InfoSec policy of the client, they needed a solution that ensures SSH is not enabled for anyone except couple of Service Accounts that does background job. So what I proposed was simple, to create a Security Group in AD and add all Service Accounts to that Group and grant SSH access to that group. Now, no one else will be able to access via SSH except the members of this group. So here is what I wrote for them. In this script Joulix is the AD account and HM Admin Mac SSH is the AD group that needs SSH access.: #!/bin/bash # To add the User / Group to be able to do ssh. # Created by Laeeq Humam | 10.10.2014 | for HCL # Wrote for Green IT via Cisco Joulix. UN="Joulix" MACSSHGROUP="Admin Mac SSH" # Will use this group and user probably once or twice. Varia...
Devops related issues