Friday, January 28, 2011

How to change sshd port on Mac OS X?

I want to change sshd's port on Mac OS X from default 22 to 32, but editing /etc/sshd_config seems does not work.

How can I change it?

From serverfault Alexander Artemenko

  • According to this hint you just need to change the port in /etc/services.

    MikeyB : Ewww.... you would break applications that do a lookup on the 'ssh' service when they want to ssh into other hosts. Granted, by now port 22 is probably hardcoded but it just feels wrong.
    From cartman

  • In order to change the port on Mac OS-X for your SSH daemon, follow the following steps:

    1. Open Terminal and as edit the file /etc/services (as root)

    2. Add a line at the bottom: 

      secret-ssh 43539/tcp # secret SSH port

    3. Edit file /System/Library/LaunchDaemons/ssh.plist and replace the code:

      <key>SockServiceName </key>
<string>ssh </string>

      with

      <key>SockServiceName </key>
<string>secret-ssh </string>

    4. Open Sharing control panel and ensure that Remote Login is checked off (if not uncheck it). Then check it again to start with the new configuration.

    Now you should be able to run SSH command to your external IP as follows: 

    ssh -p 43539 ip_address_of_your_server -l username
    AlberT : very very dirty workaround
    From Mike

  • How can I check to make sure ssh is running on my new port? I keep getting a connection refused error and I'm stuck.

    Bill Weiss : `sudo lsof -i -n -P | grep sshd | grep LISTEN` should tell you what port(s) sshd has open.
    From $pageUsers[$post.author].name

  • Every previous answer is working (as google suggest too), but it is dirty and inelegant.

    The right way to change the listening port for a launchd handled service on Mac OS X is to use the dedicated keys available in launchd.plist manual.

    So the solution is as simple as to use the port number instead of the service name:

        <key>Sockets</key>
    <dict>
            <key>Listeners</key>
            <dict>
                    <key>SockServiceName</key>
                    <string>22022</string>
                    <key>SockFamily</key>
                    <string>IPv4</string>
                    <key>Bonjour</key>
                    <array>
                            <string>22022</string>
                            <string>sftp-ssh</string>
                    </array>
            </dict>
    </dict>

    The above will also force sshd to listen only over IPV4.

    From AlberT

  • If you want sshd to listen on an additional port, you can add multiple entries to the Sockets dictionary.

    Example:

    <key>Sockets</key>
<dict>
        <key>Listeners</key>
        <dict>
                <key>SockServiceName</key>
                <string>ssh</string>
                <key>Bonjour</key>
                <array>
                        <string>ssh</string>
                        <string>sftp-ssh</string>
                </array>
        </dict>
        <key>Listeners2</key>
        <dict>
                <key>SockServiceName</key>
                <string>22022</string>
        </dict>
</dict>
    From Raim
Posted by Mu Cat at 4:48 AM

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)