Switching ssh to run on an alternate port on macOS High Sierra

By | January 19, 2018

In order to get the ssh daemon to run on an alternate port, I decided to launch a second ssh daemon (let’s call it “ssh-2”) instead of messing with the main one. This has the benefit of being more resistant to any issues with macOS software updates. It also means you won’t screw up your built-in service.

I install an ssh plist in the appropriate directory, /Library/LaunchDaemons (you’ll need to use sudo to edit this file). Let’s call it “ssh-2.plist”; here are the contents (shown with port 2222; change this to whatever legal value you want):


<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Disabled</key>
    <true/>
    <key>Label</key>
    <string>com.openssh.sshd2</string>
    <key>Program</key>
    <string>/usr/libexec/sshd-keygen-wrapper</string>
    <key>ProgramArguments</key>
    <array>
        <string>/usr/sbin/sshd</string>
        <string>-i</string>
    </array>
    <key>Sockets</key>
    <dict>
        <key>Listeners</key>
        <dict>
            <key>SockServiceName</key>
            <string>2222</string>
        </dict>
    </dict>
    <key>inetdCompatibility</key>
    <dict>
        <key>Wait</key>
        <false/>
        <key>Instances</key>
        <integer>42</integer>
    </dict>
    <key>StandardErrorPath</key>
    <string>/dev/null</string>
    <key>SHAuthorizationRight</key>
    <string>system.preferences</string>
    <key>POSIXSpawnType</key>
    <string>Interactive</string>
</dict>
</plist>

 

Reboot and you’ll have an ssh daemon listening on port 2222.

Note that the standard ssh daemon adds Bonjour announcements, so anyone browsing Bonjour can see you have a service listening. I purposely left this out of the plist so that you will NOT be announcing to the local network that you have SSH listening on this port.
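
To check which listeners a launchd job opens and whether any of them is announced over Bonjour, here is an added example (not part of the original post) that parses plists with Python's plistlib. Both embedded plists are constructed samples: one abbreviated from the ssh-2.plist above, one modeled on the stock ssh job with its Bonjour entries; the function name audit_listeners is hypothetical.

```python
import plistlib

# Constructed sample modeled on the stock ssh job: default service + Bonjour.
STOCK = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
<key>Label</key><string>com.openssh.sshd</string>
<key>Sockets</key><dict><key>Listeners</key><dict>
<key>SockServiceName</key><string>ssh</string>
<key>Bonjour</key><array><string>ssh</string><string>sftp-ssh</string></array>
</dict></dict>
</dict></plist>"""

# Constructed sample abbreviated from the ssh-2.plist in this post.
SECOND = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
<key>Disabled</key><true/>
<key>Label</key><string>com.openssh.sshd2</string>
<key>Sockets</key><dict><key>Listeners</key><dict>
<key>SockServiceName</key><string>2222</string>
</dict></dict>
</dict></plist>"""


def audit_listeners(plist_bytes):
    """Return one finding per socket declared in a launchd job's Sockets dict."""
    job = plistlib.loads(plist_bytes)
    findings = []
    for name, spec in job.get("Sockets", {}).items():
        # launchd accepts a single dict or an array of dicts per socket key.
        for sock in spec if isinstance(spec, list) else [spec]:
            service = str(sock.get("SockServiceName", ""))
            port = int(service) if service.isdigit() else None
            findings.append({
                "label": job.get("Label"),
                "socket": name,
                "service": service,
                "numeric_port": port,
                # A named service (e.g. "ssh") is resolved by the system.
                "port_in_range": port is None or 1 <= port <= 65535,
                # Bonjour may be a boolean, a string, or an array of strings.
                "advertised": bool(sock.get("Bonjour", False)),
                "disabled_key": job.get("Disabled", False),
            })
    return findings


if __name__ == "__main__":
    for sample in (STOCK, SECOND):
        for finding in audit_listeners(sample):
            print(finding)
```

On a real system, pass the bytes of each file under /Library/LaunchDaemons to the function instead of the samples.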


About Bill Plein

I've been in the data storage industry since the 1990's, most recently with 3PAR, Fusion-io, and Pure Storage. I'm now with Diamanti, where we make Kubernetes easy and fast. I'm attracted to bright, shiny new objects.
