
Change sshd port on Mac OS X

Choose an alternative port

You can avoid massive password probing by external attackers if you change the ssh default port to another port (admittedly this is security by obscurity, but it works to a first approximation). This how-to works with Mac OS X 10.4 (Tiger) and 10.5 (Leopard). For older versions you just have to change /etc/ssh/sshd.config.

Pick a service-name from /etc/services

...
daytime          13/tcp     # Daytime (RFC 867)
qotd             17/tcp     # Quote of the Day
msp              18/tcp     # Message Send Protocol
chargen          19/tcp     # Character Generator
ftp-data         20/tcp     # File Transfer [Default Data]
ftp              21/tcp     # File Transfer [Control]
ssh              22/tcp     # SSH Remote Login Protocol
telnet           23/tcp     # Telnet
                 24/tcp     # any private mail system
smtp             25/tcp     # Simple Mail Transfer
nsw-fe           27/tcp     # NSW User System FE
msg-icp          29/tcp     # MSG ICP
msg-auth         31/tcp     # MSG Authentication
dsp              33/tcp     # Display Support Protocol
                 35/tcp     # any private printer server
time             37/tcp     # Time
...

If you would like to use port 33, for example, remember its service-name (for port 33 that is dsp).

Change the sshd port

Modify /System/Library/LaunchDaemons/ssh.plist

Change the string under SockServiceName from ssh to the service-name you picked (dsp for port 33), so that it reads:
...
         <key>SockServiceName</key>
         <string>dsp</string>
...

You can use any editor to change the file
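
A check worth running before reloading the daemon, as an added example that is not part of the original page: it looks up the service-name for a port and resolves the plist's SockServiceName back to the TCP port launchd will open. The function names and the sample files are assumptions constructed for illustration; on a real machine you would pass /etc/services and /System/Library/LaunchDaemons/ssh.plist instead.

```shell
#!/bin/sh
# Added example; the sample files below are constructed, not copied from a Mac.

# service_for_port SERVICES PORT: print the service-name for PORT/tcp.
# Returns 1 when the port has no name (e.g. 24/tcp), so it cannot be used
# as a SockServiceName.
service_for_port() {
    awk -v want="$2/tcp" '
        /^[ \t]*#/ { next }                       # skip comment lines
        $2 == want { print $1; found = 1; exit }  # "name  port/tcp  # text"
        END { exit !found }
    ' "$1"
}

# port_for_plist PLIST SERVICES: print the TCP port that the plist's
# SockServiceName resolves to. Returns 1 if the name is missing or unknown.
port_for_plist() {
    name=$(awk '
        /<key>SockServiceName<\/key>/ { grab = 1; next }
        grab && /<string>/ { gsub(/.*<string>|<\/string>.*/, ""); print; exit }
    ' "$1")
    [ -n "$name" ] || return 1
    awk -v want="$name" '
        /^[ \t]*#/ { next }
        $1 == want && $2 ~ /\/tcp$/ { sub(/\/tcp$/, "", $2); print $2; found = 1; exit }
        END { exit !found }
    ' "$2"
}

# Constructed sample input: a services excerpt and a plist fragment.
WORK=$(mktemp -d)
SERVICES=$WORK/services
PLIST=$WORK/ssh.plist
cat > "$SERVICES" <<'EOF'
ssh              22/tcp     # SSH Remote Login Protocol
                 24/tcp     # any private mail system
dsp              33/tcp     # Display Support Protocol
EOF
cat > "$PLIST" <<'EOF'
<dict>
    <key>SockServiceName</key>
    <string>dsp</string>
</dict>
EOF

echo "service for 33/tcp: $(service_for_port "$SERVICES" 33)"
service_for_port "$SERVICES" 24 || echo "24/tcp has no service-name"
echo "sshd will listen on port: $(port_for_plist "$PLIST" "$SERVICES")"
```
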

Load the new config file

  1. sudo launchctl load /System/Library/LaunchDaemons/ssh.plist
  2. sudo launchctl start com.openssh.sshd

or

Reboot the machine

Access the Mac via ssh

After that you can connect to your Mac via ssh with

ssh -p33 user@your.machine.com

or

scp -P33 test.file user@your.machine.com:/tmp