Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Remote Software Deployment

G

GCW

macrumors newbie
Original poster
Nov 10, 2014
6
0
Hi,

We are looking to deploy the updated version of our antivirus software (Symantec Endpoint Protection). Before anyone comments that Macs either don't need AV, or asks why I'm using SEP, it's entirely out of my hands and I'm just doing as I'm told - or at least trying to.

We have been unable to push out the update as we (OK, I) neglected to enable Remote Login on the Mac image before deploying it to 86 Macs across the network.

As you can probably understand, I don't really want to visit 86 Macs to manually enable this. I did try to write a login script to enable this, but it doesn't seem to do anything. Entering the command into Terminal prompts for credentials, after which it works. I can only assume that it is prompting for the password while my script is running.

This is one of the commands I tried:

sudo launchctl load -w /System/Library/LaunchDaemons/ssh.plist

Here's the other:

systemsetup -setremotelogin on

Both have the same result.

To cut a long story short, I'm going to want to update the AV and then deploy some other software:

Munki Client
Speaker Mute
OS Security Updates

I think we need Remote Login on but I've still left Remote Management off because I seem to recall that stops RealVNC from working.

Could anyone advise please?

Thanks,

Gary
 
superscape

superscape

macrumors 6502a
Feb 12, 2008
937
223
East Riding of Yorkshire, UK
GCW said:
Entering the command into Terminal prompts for credentials, after which it works. I can only assume that it is prompting for the password while my script is running.
Click to expand...

Well, there's a way around that. It's insecure as hell, but assuming your admin password is 'foo' then you could do:

Code: 
echo foo | sudo -S systemsetup -setremotelogin on
As I said, insecure as hell since your admin password is in there in plain text. However, it *would* work. I'll leave you to decide how bothered you are about the security implications!

Oh, did I remember to mention it's insecure as hell? ;-)
 
Last edited:
G

GCW

macrumors newbie
Original poster
Nov 10, 2014
6
0
Well, there's a way around that. It's insecure as hell, but assuming your admin password is 'foo' then you could do:



Code:
echo foo | sudo -S systemsetup -setremotelogin on
As I said, insecure as hell since your admin password is in there in plain text. However, it *would* work. I'll leave you to decide how bothered you are about the security implications!

Oh, did I remember to mention it's insecure as hell? ;-)
Click to expand...

How did you know my admin password? :p

I was trying to avoid going down that route, but it's definitely handy knowing that this can be achieved with the "echo" command if absolutely necessary!
 
G

GCW

macrumors newbie
Original poster
Nov 10, 2014
6
0
You mean it's not Password1? ;)
Click to expand...

No, but I was going to change it to that! I'll have to think of another one now!

I've not had the opportunity to test that command today but I will be doing so tomorrow. Presumably it works with the local admin password and not domain admin, so although it's bad, it's not as bad as domain admin. If I used something like Automate I could make it very slightly more secure, enough in fact that the users couldn't access the keyboard or mouse while it is running. I'll give that a go tomorrow.

Thanks,

Gary
 
N

Norouzi

macrumors 6502
Aug 6, 2004
399
25
Philadelphia, PA
I know you said you didn't enable Remote Login, I'm going to assume that Remote Management isn't enabled either making Apple Remote Desktop out of the question?

I'll tell you what I did when I had to provide a script to a couple of guys to run on a bunch of machines that required sudo. They didn't want to have to type the password on about 50 machines when running the script so I hashed the password using openssh and then had the script run openssh on that hash to decrypt it and save it in a variable which I passed to the command that needed to be run.

It's still insecure as anyone who knows what their doing would be able to figure out what the script is doing, but it made me feel slightly better that the admin password wasn't sitting there in total plain text for anyone who looked at the script to see.
 
Silencio

Silencio

macrumors 68040
Jul 18, 2002
3,457
1,566
NYC
Enabling Remote Management instead of Screen Sharing does, in fact, allow VNC clients to connect remotely. So if you want to use Apple Remote Desktop or VNC clients, turn on Remote Management on your client machines. In System Preferences > Sharing > Remote Management, you may want to click on Computer Settings and specify an explicit password for VNC clients to connect.

Between ARD and Munki, you should have everything you need to keep your fleet updated. Munki in particular saves me a lot of time and headache, once I got everything configured to my liking.
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom