UPDATE 29th of November: A colleague showed me the possibility of using JSON in iOS Shortcuts. This allows us to create quick API calls without the need of ssh and another machine running the script. Cool indeed. Time permitting I will dive into some handy API calls to add to Shortcuts. Nevertheless, the option to quickly run your API scripts from iOS through ssh might remain handy in some cases.

This is going to be a quick one, just to see if there would be a use case for it! Let me know what you think!

After publishing my previous post on how to create an ESXI VM via the iOS Shortcuts app, I was wondering what else I could do with it. Be it just for fun, or something which might be useful.

This brought my thoughts to the Jamf API. What if I could just press a button on the iPhone and make some ‘sudo Jamf magic’ ??‍♂️ happen…? Well we could create a fancy iOS app, but unfortunately I’m not a developer. And as discussed in my previous post, Apple did give us a very handy iOS tool: the Shortcuts app. Not only is it soo easy to use, it also allows us to run scripts from an iOS device! 

The only caveat here is: you need to SSH into another device to run the script. But imagine you do have a computer sitting around somewhere, or even better, the possibility to run a ‘low spec’ VM on which you can enable SSH.

I know, the idea of keeping a device on the network with SSH enabled just for this… It might not please everyone and even put some network security guys on their high horse again, but with the correct network isolation this should not be the end of the world in my opinion. Up to you to decide if this is acceptable, because in the end, the purpose of this post is just to have some fun, explore possibilities and open the discussion.

In order to make a proof of concept, I quickly made a script to ‘update the inventory of ALL mobile devices’ in my Jamf Pro. As usual with most scripts, a quick disclaimer: scripting is not my daily core business. There might be better ways of achieving this, my code might be dirty or not following ‘best practices’. Or maybe even worse, trigger reactions like ‘oh no, you should never…’. Just let me know what’s wrong, and what should or should not be done. More than happy to learn!

While there might already be other scripts available to update the inventory of mobile devices, here is my take on it: updateInventory (gitHub). Have a look and again don’t hesitate to give me some feedback.

Putting the discussion on the script as such aside, just imagine you have a script doing some Jamf API calls and let’s have a look at the iOS Shortcuts app again:

  • Add the  ‘Run Script Over SSH’ payload
  • Configure your SSH connection
  • Copy paste the script to run in the actual payload field
  • Add the ‘Show Result’ payload and select the ‘Run Script Over SSH’ variable as content.
Instead of copying the script in the shortcut, you could also store it somewhere on the actual machine and just execute it over SSH
(‘sh /path/to/scriptorun.sh’).
Whatever you find more convenient.
Hit the Shortcut… and wait…

Oh yes, in case you put your shortcuts in the widgets of the lock-screen… just remember that those are accessible without unlocking the iPhone. This might not be a good idea, depending your API call… This is however easily fixed by adding the “Continue Shortcut in App’ payload. This forces you to unlock the iPhone to run the shortcut!

That’s it… as said the intention of this post was just to play around with the Shortcuts app to see if there would be a real use case for it in combination with the Jamf API.

What do you think?

As always, if you like this blog, hit the like button, tell your friends and leave a comment down below!