SSH Switch Plugin

Posted on
Tue Apr 04, 2017 11:08 pm
kwijibo007 offline
Posts: 325
Joined: Sep 27, 2013
Location: Melbourne, Australia

SSH Switch Plugin

SSH Switch is a simple plugin which allows you to enable/disable SSH (Remote Login) on the Mac running Indigo server. The ability to enable/disable SSH is presented as a standard Indigo switch.

In addition to SSH control, the plugin can also report your public IP address and the date it was last updated.

I wrote this plugin to help me support Indigo (and the Mac it's running on) for family and friends. I wasn't comfortable in leaving SSH open to the internet constantly and wanted a way someone could grant me access as required. This way the person I'm supporting flicks a switch in Indigo Touch to enable remote access and turns it off when I'm done. They can also easily provide me their public IP address too. Aside from console access, SSH lets you do some cool things like screen sharing (via an SSH tunnel) and file transfers.

Please note: In order to allow the plugin to enable/disable SSH (Remote Login), a change to your Mac's sudoers file is required. This change grants the user running indigo the permission to query the state of SSH, turn SSH on and turn SSH off without entering an administrator password. No other rights/changes are granted in this process.

Important: Opening SSH to the internet and making the changes to your sudoers file outlined below reduces the security of your Mac. In my humble, non-professional opinion, the risks are fairly low but you should only make these changes if you fully understand what they are doing. That being said, you should have a very, very (very) strong password on the account with SSH access.

Full credit for the steps below (and a big thank you) go to forum user roussell. Without his awesome help this plugin would not have been possible. See this topic for full details. NB: I wasn't able to make the overrides file work as suggested so I resorted to editing the sudoers file directly. There are some good tips here on security by obscurity and the plugin allows you to change the path of the systemsetup executable if you so desire.

Steps:

Open terminal and type:

Code: Select all
sudo visudo

This opens the sudoers file in a special vi (terminal text editor) variant which checks that you havn't made any syntax errors. Never edit the sudoers file directly in a normal text editor.

Scroll down and find something similar to these lines:
Code: Select all
# User privilege specification
root    ALL=(ALL) ALL
%admin  ALL=(ALL) ALL

Press "a" to put VI into edit mode and place a new line directly under "%admin ALL=(ALL) ALL". On the new line(s) enter the following (where "my_username" is the username of the user running your Indigo):
Code: Select all
my_username    ALL=(ALL) NOPASSWD: /usr/sbin/systemsetup -getremotelogin
my_username    ALL=(ALL) NOPASSWD: /usr/sbin/systemsetup -setremotelogin on
my_username    ALL=(ALL) NOPASSWD: /usr/sbin/systemsetup -f -setremotelogin off

The final result should look like this:
Code: Select all
root    ALL=(ALL) ALL
%admin  ALL=(ALL) ALL
my_username    ALL=(ALL) NOPASSWD: /usr/sbin/systemsetup -getremotelogin
my_username    ALL=(ALL) NOPASSWD: /usr/sbin/systemsetup -setremotelogin on
my_username    ALL=(ALL) NOPASSWD: /usr/sbin/systemsetup -f -setremotelogin off

Press "esc" and then ":wq!" flowered by enter to save the file and exit. If all has gone to plan you won't be prompted for a password when you type "sudo /usr/sbin/systemsetup -getremotelogin" into Terminal. To properly test, close all open terminal sessions, wait 5 minutes and give it a try.

Once you've sorted the steps above, install the plugin and you're good to go. The plugin options are self explanatory (I hope).

Plugin can be downloaded here.

Posted on
Mon Jul 25, 2022 4:13 am
kwijibo007 offline
Posts: 325
Joined: Sep 27, 2013
Location: Melbourne, Australia

Re: SSH Switch Plugin

Just posting for completeness.

I'm fairly sure no one uses this plugin (including me now). I'm not going to update it to support Python 3.

Page 1 of 1

Who is online

Users browsing this forum: No registered users and 0 guests