![]() Even if I log in via screen share and try to disable it, I see the message "Screen Sharing is currently being controlled by the Remote Management service." However, it seems that the way the Mac is set up for remote management, the 'Screen Sharing' feature is kind of locked out from changes via SSH. clientopts -setvnclegacy -vnclegacy yes \ It seems like you'd be able to disable screen sharing with the following command: $ sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart \Īnd then re-enable with the following command: $ sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart \ Unless you really need it, it's a good idea to also disable Screen Sharing (which opens up VNC access over the Internet), because it's a less efficient way of administering a Mac, it requires more running services, and in general unless you need it available, it's better to close off access. ![]() You can check on the status of the loginWindowIdleTime property with sudo defaults read /Library/Preferences/. It also adds a little load to the Mac mini since rendering a screensaver isn't free! $ sudo defaults write /Library/Preferences/ loginWindowIdleTime 0 While logged in via SSH, it's also a good idea to disable the built-in screensaver, since there's no monitor plugged in that needs any burn-in protection. ![]() Then restart the SSH daemon: $ sudo launchctl stop ![]() # Make the following changes to the file: Securing SSHįirst of all, I used ssh-copy-id to add my SSH key to the default administrator account on the Mac mini that was created for me: $ ssh-copy-id I could confirm I could log in with SSH successfully, I disabled password-based login, since that's an easy attack vector for scripts looking to hack into my servers: # While logged into the Mac mini. So I thought I'd document a little bit in this blog post about how I configured the Mac mini for more secure remote administration, since Macs tend to be a little more 'open' out of the box than comparable Linux machines that I'm used to working with. I recently got an offer from MacStadium to use one of their dedicated Mac minis to perform CI and testing tasks for my Mac-based open source projects (for example, my Mac Dev Ansible Playbook, which I use to configure my own Macs). ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |