Installation manual
Chapter 5 Understanding and Controlling Access Privileges 77
Command-Line SSH Access
Command-line SSH access isn’t granted or managed using Remote Desktop. This
type of access is managed in the Sharing pane of System Preferences (called “Remote
Login”) and is separate from Apple Remote Desktop access types. When you log in to a
client remotely using SSH, you have the user privileges assigned to the user name and
password. These may or may not include computer administrator privileges.
You can use SSH to access a client using a user account created for Apple Remote
Desktop, but you’re limited to performing whatever tasks were allowed to that user
when the account was created. Conversely, only the users specied in the Apple
Remote Desktop access privileges can access a computer using Apple Remote
Desktop. Apple Remote Desktop privileges are completely separate and distinct from
local computer administrator UNIX privileges.
Managing Client Administration Settings and Privileges
Regular audits of administration settings can help maintain a secure Remote Desktop
administration environment. Using the various administrator options given with
Apple Remote Desktop administrator privileges, you can create specialized logins for
certain tasks, limiting potentially disruptive power of certain sub-administrators. The
following sections describe how to check the administrator privilege settings of client
computers, and change those settings.
Getting an Administration Settings Report
You can query active Apple Remote Desktop clients for a report on what commands
they are accepting from your administrator authentication.
The report is a list of the Apple Remote Desktop administrator access types each with
an “On” or “O” to indicate whether that access type is available to you.
To get an administration settings report:
1 Select a computer list in the Remote Desktop window.
2 Select one or more computers in the selected computer list.
3 Choose Report > Administration Settings.
4 Click Get Report.