[HOW TO] Enable remote access for individual users using ssh

[HOW TO] Enable remote access for individual users using ssh

By Centrify on ‎06-28-2018 03:50 PM

In this instance, you as an admin want to give remote access to your Mac machines without having to give full remote access to all users and you want to do this remotely.  This can be completed by using SSH.  Below are the steps you can use to complete this process. 


SSH does need to be enabled, which can be done by enabling remote access. Remote access needs to be set to “only these users”.  The user you are adding does have to have an existing account on that Mac.







 As you can see above, the remote login is for Administrators ONLY.  To add a user for them to remotely access the Mac, SSH in to the Mac by typing:


 ssh <username>@Ipaddress


Type your password, which will then bring you to the bash prompt for the Mac. 






Once SSH’d in, the new user can be added.  This is done by using the command:


sudo dseditgroup -o edit -t user -a <username> com.apple.access_ssh.





Once this is done, you can verify (if required) the user has been added as a remote user under System Preferences > Sharing. 







The user now has SSH access to that machine.  This is now complete.  If that user needs remote access / SSH access rights removed from the Mac, the above illustrated steps would still be used, but the final command would need to be changed to:


sudo dseditgroup -o edit -t user -d USERNAME com.apple.access_ssh


This will remove the user from the remote access as you have requested.  To log off the Mac, simply type Logout which will disconnect your session.

Showing results for 
Search instead for 
Do you mean 

Community Control Panel