2

They changed things in later versions of macOS so that you can't just edit etc/ssh/sshd_config like you would in Linux. What do I type into the shell to run sshd on port 500 instead of 22?

klanomath
  • 66,391
  • 9
  • 130
  • 201
Walrus the Cat
  • 984
  • Any of this solutions working? https://serverfault.com/questions/18761/how-to-change-sshd-port-on-mac-os-x – b4d Dec 05 '17 at 07:18
  • is there any way to just like "symlink" the port -- pipe everything straight through for a test -- rather than loading up a .plist etc ? – Walrus the Cat Dec 06 '17 at 23:17

1 Answers1

2

To modify the ssh port, you have to edit the ssh launch daemon of the ssh server host:

  • disable SIP

  • open ssh.plist:

    sudo nano /System/Library/LaunchDaemons/ssh.plist

  • modify the <key>Sockets</key> (example port here: 10022) from

        ...
    <key>Sockets</key>
    <dict>
            <key>Listeners</key>
            <dict>
                    <key>SockServiceName</key>
                    <string>ssh</string>
                    <key>Bonjour</key>
                    <array>
                            <string>ssh</string>
                            <string>sftp-ssh</string>
                    </array>
            </dict>
    </dict>
    ...

    to

        ...
    <key>Sockets</key>
    <dict>
            <key>Listeners</key>
            <dict>
                    <key>SockServiceName</key>
                    <string>10022</string>
                    <key>Bonjour</key>
                    <array>
                            <string>10022</string>
                            <string>10022</string>
                    </array>
            </dict>
    </dict>
    ...

  • unload and load the daemon

    sudo launchctl unload /System/Library/LaunchDaemons/ssh.plist 
sudo launchctl load /System/Library/LaunchDaemons/ssh.plist
  • test the ssh daemon
  • enable SIP

An alternative, less intrusive approach is to create a second ssh launch daemon in /Library/LaunchDaemons/:

  • copy the ssh.plist

    sudo cp /System/Library/LaunchDaemons/ssh.plist /Library/LaunchDaemons/ssh2.plist

  • modify the ssh2.plist:

    sudo nano /Library/LaunchDaemons/ssh2.plist

    change the key Label to

    <key>Label</key>
<string>com.openssh.sshd2</string>

    change the key <key>Sockets</key> as described earlier

  • disable SSH in the System Preferences > Sharing > Remote Login

  • load the launch daemon:

    sudo launchctl load -w /Library/LaunchDaemons/ssh2.plist
  • with strict key checking enabled in the ssh config file on a ssh client host you may have to remove the ssh server from the known_hosts file of this remote host.
  • access the ssh server with ssh user@IP -p <port>
jaume
  • 15,010
klanomath
  • 66,391
  • 9
  • 130
  • 201
  • oh brother..... thats why i stayed on 10.12 until last week. i knew once Apple removed the 3.5mm jack it would be all over what a pity. – Tomachi Oct 02 '18 at 06:49