Deploy Mac OS Accounts Remotely

 ·  ☕ 2 min read  ·  🥓🥓🥓 werkn

The following guide will help you set up remote account deployment from the terminal using Mac OS remote management (SSH).

Configure Remote Management

Built into Mac OS are remote management tools (essentially an SSH server). To do automated remote deployments, we first need to enable the built-in SSH server.

Via the terminal:

sudo systemsetup -setremotelogin on
sudo dseditgroup -o create -q com.apple.access_ssh
sudo dseditgroup -o edit -a admin -t group com.apple.access_ssh

Video tutorial:

Note: If you have your firewall enabled, be sure to create a rule to allow SSH through.

Get The Scripts

You should now be ready to deploy an account. We assume you are on the same network as the machine you wish to connect to and that firewall rules are in place to allow SSH.

Begin by copying the two files below to your system. Choose any directory that works for you:

setup_account.sh

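#!/bin/bash
# usage `bash setup_account.sh <remote_ip> <admin_username> <new_acc_username> <new_acc_password>`
# note: the new password is passed as a command-line argument, so it shows up in
# shell history and in process listings on both machines
if test $# -eq 4;
then
    # secure copy to specified host (the path assumes the admin's home folder is /Users/admin)
    scp ./create_user.sh "$2@$1:/Users/admin/Desktop/create_user.sh" || exit 1
    # execute script on remote host; %q quotes the two values so the remote shell
    # does not split or interpret spaces and special characters in them
    ssh -t "$2@$1" "sudo sh /Users/admin/Desktop/create_user.sh $(printf '%q %q' "$3" "$4")"
    echo "Done."
else
    echo "Usage 'bash setup_account.sh <remote_ip> <admin_username> <new_acc_username> <new_acc_password>'"
    exit 1
fi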

create_user.sh

#!/bin/bash
# usage: create_user <username> <password>
# refuse to run without both arguments: an empty username would turn the mv below into `mv /Users/ /var/`
if test $# -ne 2;
then
    echo "Usage 'create_user.sh <username> <password>'"
    exit 1
fi
LOCAL_ADMIN_FULLNAME="$1" # local admin user's full name
LOCAL_ADMIN_SHORTNAME="$1" # local admin user's shortname
LOCAL_ADMIN_PASSWORD="$2" # local admin user's password

# Create a local admin user account
sudo sysadminctl -addUser "$LOCAL_ADMIN_SHORTNAME" -fullName "$LOCAL_ADMIN_FULLNAME" -password "$LOCAL_ADMIN_PASSWORD" -admin
sudo dscl . -create "/Users/$LOCAL_ADMIN_SHORTNAME" IsHidden 0 # don't hide account
sudo mv "/Users/$LOCAL_ADMIN_SHORTNAME" "/var/$LOCAL_ADMIN_SHORTNAME" # Moves the admin home folder to /var
sudo dscl . -create "/Users/$LOCAL_ADMIN_SHORTNAME" NFSHomeDirectory "/var/$LOCAL_ADMIN_SHORTNAME" # Create new home dir attribute

# Reboot the remote machine
shutdown -r now

Creating A User

To create a user, run the following (from the directory you just added the scripts to):

bash setup_account.sh <remote_ip> <admin_username> <new_acc_username> <new_acc_password>

If all has worked you should now be able to remote into your new account. The video above demonstrates this.
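
The ssh line in setup_account.sh sends a single command string that the remote login shell parses again, so a username or password containing spaces or shell metacharacters has to be quoted for that second parse. The following is an added example, not part of the original scripts: quote_for_remote_shell and parsed_by_remote_shell are hypothetical helpers, the sample values are constructed, and a local `sh -c` stands in for the remote shell.

```shell
#!/bin/sh
# Added example, not from the original post. A local `sh -c` stands in for the
# remote login shell, which re-parses the command string that ssh sends.

# quote_for_remote_shell VALUE (hypothetical helper): wrap VALUE in single quotes
# and rewrite each embedded ' as '\'' so the receiving shell sees one literal word.
quote_for_remote_shell() {
    q_rest=$1
    q_out=
    while :; do
        case $q_rest in
            *\'*)
                q_head=${q_rest%%\'*}      # text before the first '
                q_rest=${q_rest#*\'}       # text after it
                q_out="$q_out$q_head'\\''"
                ;;
            *) break ;;
        esac
    done
    printf "'%s'" "$q_out$q_rest"
}

# parsed_by_remote_shell ARGS (hypothetical helper): print
# "<argument count>:<second argument>" as create_user.sh would receive them
# once a shell has parsed ARGS.
parsed_by_remote_shell() {
    sh -c "set -- $1"'; printf "%s:%s" "$#" "$2"'
}

# Constructed sample values.
NEW_USER='newuser'
NEW_PASS='pa ss$HOME'

# Unquoted interpolation into the command string: the password is split on the
# space and $HOME is expanded by the parsing shell.
naive_args="$NEW_USER $NEW_PASS"
# Quoted: exactly two arguments reach the script, byte for byte.
safe_args="$(quote_for_remote_shell "$NEW_USER") $(quote_for_remote_shell "$NEW_PASS")"

echo "naive:  $(parsed_by_remote_shell "$naive_args")"
echo "quoted: $(parsed_by_remote_shell "$safe_args")"
```

Quoting keeps the value intact but does not hide it: the password still appears in the argument list of the processes on both machines.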

Ryan Radford
WRITTEN BY
werkn
Developer / IT Guy / Tinkerer