Enable Remote Access – Command Line

To enable Remote Management from the command line, enter the following into Terminal:

sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -activate -configure -users ARDADMIN -access -on -restart -agent -privs -all -allowAccessFor -specifiedUsers -computerinfo -set1 -1 "INFO1" -set2 -2 "INFO2" -set3 -3 "INFO3" -set4 -4 "INFO4"
sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -configure -access -on -privs -all -users ARDADMIN

You will need to switch ARDADMIN for the account you wish to give ARD access to.

INFO1, INFO2, INFO3 and INFO4 refer to the fields located in System Preferences > Sharing > Remote Management > Computer Settings.

To enable SSH for one specific user, enter the following into Terminal:

sudo systemsetup -setremotelogin on
sudo dseditgroup -o create -q com.apple.access_ssh
sudo dseditgroup -o edit -a USER -t user com.apple.access_ssh

You will need to change USER for the shortname of the user you wish to grant SSH access to.

Change passwords from the command line

If you believe that your admin password has been compromised, it is always a good idea to change it. The dilemma is that if you have the same password for hundreds of machines, it will be quite a hassle to go round to them all and change it, so you have 2 options:

1. Invest in Apple Remote Desktop (ARD) to manage your machines.
2. SSH into all machines and change them that way.

I have ARD, so I will guide you through using that. The solution is in essence the same for either option; it’s just a hell of a lot quicker with ARD.

First, select all the machines you wish to make the amendment on, then select the Send Unix Task option. You will want to run this as root, so select that option, then type the following into the command window:

dscl . -passwd /Users/USERNAME PASSWORD

Change USERNAME for the short name of the account you wish to change the password of, and swap PASSWORD for the new password. If you don’t set a new password then it will blank the password, and you will need to set a new one the next time you log in.

One downside to this timesaving tip is that the next time you log in to the machines, you will need to have knowledge of the old password, so you can unlock the login keychain for that account.

When using this via SSH, you will need to sudo, otherwise it will fail.

And it goes without saying that this should NEVER be attempted on an account that has been FileVault encrypted!
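
Option 2 above (SSH into each machine and run the dscl command with sudo), written out as an added example that is not part of the original post. The hosts file, the admin login name passed as ADMIN, and the DRY_RUN switch are assumptions of this sketch.

```sh
#!/bin/sh
# Added example: option 2 from the page, run over SSH against a list of Macs.
# The hosts file, the ADMIN login and DRY_RUN are assumptions of this sketch.
# Note: the password is a command-line argument on both ends, so it shows up
# in process listings while the command runs.

# Quote a string for the remote shell: single quotes, embedded ones escaped.
sh_quote() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# The short name lands in a dscl path, so accept a conservative character set.
valid_shortname() {
    case "$1" in
        ''|*[!A-Za-z0-9_.-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Build the page's dscl command; refuse an empty password, which the page
# says would blank the account's password.
remote_passwd_cmd() {   # usage: remote_passwd_cmd USERNAME PASSWORD
    valid_shortname "$1" || return 1
    [ -n "$2" ] || return 1
    printf 'sudo dscl . -passwd /Users/%s %s' "$1" "$(sh_quote "$2")"
}

# Run the change on every host in HOSTS_FILE (one per line, # for comments).
rotate_all() {   # usage: rotate_all HOSTS_FILE ADMIN USERNAME PASSWORD
    cmd=$(remote_passwd_cmd "$3" "$4") || {
        echo "invalid short name or empty password" >&2; return 2; }
    failed=0
    # Read the list on fd 3 so ssh cannot swallow it through stdin.
    while IFS= read -r host <&3; do
        case "$host" in ''|'#'*) continue ;; esac
        if [ -n "${DRY_RUN:-}" ]; then
            printf 'ssh -t %s@%s %s\n' "$2" "$host" "$cmd"
        elif ! ssh -t "$2@$host" "$cmd"; then   # -t gives sudo a terminal to prompt on
            echo "FAILED: $host" >&2
            failed=$((failed + 1))
        fi
    done 3<"$1"
    [ "$failed" -eq 0 ]
}
```

Set DRY_RUN=1 before calling rotate_all to print the ssh commands without connecting to any host.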