You used to be able to use /usr/sbin/systemsetup -f -setremotelogin off
or /usr/sbin/systemsetup -f -setremotelogin on
to script disabling or enabling SSH on macOS.
Now that macOS has Privacy Preferences Policy Control, which needs a profile delivered by a user-approved MDM, you may get this error: setremotelogin: Turning Remote Login on or off requires Full Disk Access privileges.
, which can be especially annoying if the script’s parent process isn’t code-signed (and thus can’t be used in a PPPC profile), as /usr/sbin/period isn’t, for example. (Read more at Use the systemsetup command-line utility on macOS Catalina 10.15.)
For now, a workaround for this is to simply load or unload the launch daemon that enables/disables SSH: /bin/launchctl load -w /System/Library/LaunchDaemons/ssh.plist
or /bin/launchctl unload -w /System/Library/LaunchDaemons/ssh.plist
P.S. Since these are things you’re scripting via something like Munki or Jamf, I’m assuming you’re testing the commands as root.
Leave a Reply