Centrify DirectControl on Mac OS X 10.9 and aboveQuestion:
On new Mac systems with OS X 10.9 or higher installed, the GP at:
Computer Configuration / Centrify Settings / Mac OS X Settings / Services / "Enable remote login"
..no longer allows SSH logins. The same GP is working fine for OS X 10.8 and below.
What needs to be changed to allow SSH access for 10.9 systems as well?Answer:
SSH access for OS X is configured via:
System Preferences > Sharing > Remote Login
In OS X versions 10.8 and below, the default access for this setting was:
- Allow access for: All users
However in OS X 10.9 the default was changed to:
- Allow access for: Local Administrators
To set this back to "All users" via group policy, add the following command into the GP at:
Computer Configuration / Centrify Settings / Common UNIX Settings / "Specify commands to run"
- Run Command: sudo dseditgroup -o delete -T group com.apple.access_ssh
(In order for this GP folder to be visible, the centrify_unix_settings.xml template needs to have been added into the GPO)
For further detail on managing SSH access in OS X, see: