Disable SSH on devices

leonwun
Contributor

Hey,

there are some machines that have SSH enabled with the following Startup Configuration:
d435a4ca546742bea3d07ac64ccce264

Now I am looking for a way to disable it. I found the following script:

sudo systemsetup -f -setremotelogin off

Will disabling SSH interfere with anything related to JAMF? My common sense tells me it won't but I thought I'd ask anyway. Better safe than sorry :)

1 ACCEPTED SOLUTION

talkingmoose
Moderator
Moderator

SSH is only enabled for use with Jamf Remote. If you don’t use that, then disabling it is a good idea.

View solution in original post

2 REPLIES 2

talkingmoose
Moderator
Moderator

SSH is only enabled for use with Jamf Remote. If you don’t use that, then disabling it is a good idea.

russell_garriso
New Contributor III

This page is great in that it shows you the Jamf setting that is enabling SSH and gives you the command you can script to fix it. Definitely take a close look at the command and notice the '-f' option, which I am guessing is to force the change. Our environment had an old script from when we would turn SSH on and off for periodic Spiceworks inventory runs. That script did not have the force option. Dusting off the script and running it from a policy started some kind of runaway process where the Jamf pid.tmp file was filling the disk in a manner of minutes! The force option isn't in the man page, but I can confirm that it is needed for the command to run successfully in Big Sur and Monterey and also prevents whatever condition was causing Jamf to fill up the disk. Take care and remember to TEST EVERYTHING before you run it in production.