Monday, April 22, 2013

Change the default SSH port on OSX

I got some pushback from sys admins about keeping an SSH server open on the default privileged port 22. They said "change it," so here's what I did.

First, I edited /etc/services, and changed the ssh entries to use a new port number. Chose a port above 1000 that isn't in use already. 

Second - and this is useful for people using git and ssh outbound - edit /etc/ssh_config and under Host *, add an entry:
  Port 22

Another method uses /System/Library/LaunchDaemons/ssh.plist, but the above is more Unix-centric way. On my system, the ssh.plist has a "disabled" key anyway. 

No comments: