Wed, Aug 12, 2015 11:00 pm

Changing the SSH listening port on OS X

Mac OS X systems have a /etc/sshd_config file for configuring SSH server settings just as one finds on Linux/Unix systems. On a Linux or Unix system, you can edit that file and change the Port line to change the listening port for the SSH daemon from the standard port of 22 to some other port. On Linux/Unix systems you will find the following line in the file:

#Port 22

To change the port on which the system listens for connections from SSH clients, you merely remove the "#" from the beginning of the line, which marks the line as a comment, replace "22" with the new port you wish to use for SSH connections, and then restart the SSH server service.

You can make the same edit on an Apple OS X system, but it will have no effect on the port the SSH daemon listens on, because on OS X launchd opens the listening socket described in ssh.plist and hands incoming connections to sshd. You can verify this with the netstat command, which will still show the system listening on the standard SSH port.

$ netstat -a | grep ssh
tcp4       0      0  *.ssh                  *.*                    LISTEN     
tcp6       0      0  *.ssh                  *.*                    LISTEN

To change the listening port on an OS X system, you must, instead, edit /System/Library/LaunchDaemons/ssh.plist. E.g., if you use the vi text editor, you can use the following command:

sudo vi /System/Library/LaunchDaemons/ssh.plist

In the file, you will see the following section:

<dict>
        <key>Listeners</key>
        <dict>
                <key>SockServiceName</key>
                <string>ssh</string>

Replace the ssh in the line <string>ssh</string> with the new port you wish to use, e.g., 50022. To prevent confusion later, it is probably best not to use a well-known port number, i.e., it is probably better to pick a port above 1,023. And you may also want to avoid using a registered port, since those are ports commonly used by a variety of applications. Registered ports are those from 1,024 to 49,151.

Once you've replaced "ssh" with a nonstandard port number in ssh.plist, you need to restart the SSH server service, which you can do with the following two commands:

sudo launchctl unload /System/Library/LaunchDaemons/ssh.plist
sudo launchctl load /System/Library/LaunchDaemons/ssh.plist

You can then verify that the SSH service is listening on the new port with the netstat command. E.g., if you selected 50,022 for the new port, you could use the command below:

$ netstat -an | grep 50022
tcp6       0      0  *.50022                 *.*                    LISTEN
tcp4       0      0  *.50022                 *.*                    LISTEN
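
The same edit can be made programmatically instead of by hand in vi. The following Python is an added example, not part of the original post: it parses the plist, finds the Listeners dictionary, refuses well-known and registered ports per the advice above, and returns the modified file contents. The names SAMPLE, find_listeners, port_class and set_ssh_port are hypothetical, and SAMPLE is a constructed stand-in for the real ssh.plist.

```python
import plistlib

# Constructed sample containing the Listeners fragment shown above;
# the real ssh.plist carries more keys.
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>Label</key><string>com.openssh.sshd</string>
  <key>Sockets</key><dict>
    <key>Listeners</key><dict>
      <key>SockServiceName</key><string>ssh</string>
    </dict>
  </dict>
</dict></plist>"""

def find_listeners(node):
    """Depth-first search for the dict stored under the 'Listeners' key."""
    if isinstance(node, dict):
        if isinstance(node.get("Listeners"), dict):
            return node["Listeners"]
        for child in node.values():
            found = find_listeners(child)
            if found is not None:
                return found
    return None

def port_class(value):
    """Classify a SockServiceName string using the ranges from the article."""
    if not value.isdecimal():
        return "service-name"  # e.g. "ssh", looked up in /etc/services
    port = int(value)
    if not 1 <= port <= 65535:
        raise ValueError(f"not a TCP port: {value}")
    if port <= 1023:
        return "well-known"
    if port <= 49151:
        return "registered"
    return "dynamic"

def set_ssh_port(plist_bytes, port):
    """Return (old_value, new_plist_bytes) with SockServiceName set to port."""
    if port_class(str(port)) != "dynamic":
        raise ValueError(f"{port} is not in the 49152-65535 range")
    doc = plistlib.loads(plist_bytes)
    listeners = find_listeners(doc)
    if listeners is None or "SockServiceName" not in listeners:
        raise KeyError("no Listeners/SockServiceName entry found")
    old = listeners["SockServiceName"]
    listeners["SockServiceName"] = str(port)
    return old, plistlib.dumps(doc)
```

After writing the returned bytes back to the file with root privileges, run the launchctl unload and load commands shown above for the change to take effect.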

Note: you can't use the launchctl stop and launchctl start commands to stop and restart the SSH server service regardless of whether it is listening on a standard or nonstandard port. You won't see any error messages, but the commands will have no effect as you can check by issuing a netstat command after the stop command.

$ sudo launchctl stop com.openssh.sshd
$ netstat -a | grep ssh
tcp4       0      0  *.ssh                  *.*                    LISTEN     
tcp6       0      0  *.ssh                  *.*                    LISTEN     
$ sudo launchctl start com.openssh.sshd
$
