[Casper] Hidden SSH account

Thomas Larkin tlarki at kckps.org
Tue Aug 26 16:46:12 PDT 2008 

According to my Casper bible it says this:

"If you would like computers that are imaged with this configuration to be managed by Casper and the JSS, enter the enter the user name and password that allows access to this configuration via SSH in the fields labeled SSH username and SSH password"

Wudi from JAMF totally went over that too at the CCA training, and I am not quite sure if it actually creates the account or not.  I mean all you need is SSH to run, right? The account doesn't necessarily need a home directory since all the JAMF logs are piped out into like /var/jamf/jamf.log anyway right?

Because your frame work is going to force SSH on, and recon will add the account, but when it adds the account I don't ever see an account show up in the finder, I do see it though if I do a dscl . list /Users

I don't think I quite answered that question right either.

>>> "Ernst, Craig S." <ERNSTCS at uwec.edu> 08/26/08 6:23 PM >>>
As always on a managed machine you can see the jamf binary commands and there options by going into terminal on a managed machine and typing:

/usr/sbin jamf help

Or just

Jamf help

Tom, I just want to make sure I'm understanding the comment below. Are you talking about the option for "Ensure that Computers Imaged with this Configuration are managed". If that's configured it will create the hidden account? Or what are you referring to. I wasn't under the impression it did that, actually created the account, unless that was something new in 6.0. That option merely stored that account information in the JSS for that machine so it knew how to connect with the remote tools.

I know that if a machine has existing autorun data, imaging using prestaging, or when you are using Casper Imaging to image the computer you can enter that information into the Accounts tab. However, I don't think those options hide the account like the -hiddenUser switch does using the binary.

I've always kept a current copy of the binary around on a network share to run that command, but if there was an easier way that'd be cool...sort of.

Thanks,

Craig E


On 8/26/08 5:41 PM, "Thomas Larkin" <tlarki at kckps.org> wrote:

Or

Better yet also add the ssh account into your configuration from Casper Admin as well.

More information about the Casper mailing list