This tutorial works also with Mavericks and Yosemite.
OS X is based on UNIX, but there are some big differences. On an Linux or UNIX you could easily edit the sshd_config to change the default port. On OS X you have to go a longer way – but it’s still easy. I change the default sshd port after a fresh system installation, or a system upgrade (major upgrade, like from Yosemite to El Capitan will change the port to 22 again…), because of security.
Modify the /etc/services file and add two new entries (in this example I use port 60225):
sudo nano /etc/services
ssh2 60225/udp # SSH Remote Login Protocol ssh2 60225/tcp # SSH Remote Login Protocol
Now you could add a secondary ssh port on OS X. Both values should be the same! Save end exit (CTRL+O and CTRL+X).
Create a copy of your ssh.plist configuration and modify the new file:
sudo cp /System/Library/LaunchDaemons/ssh.plist /System/Library/LaunchDaemons/ssh2.plist sudo nano /System/Library/LaunchDaemons/ssh2.plist
Rename sshd to sshd2 and ssh to ssh2:
<key>Label</key> <string>com.openssh.sshd2</string> ... <key>SockServiceName</key> <string>ssh2</string>
Reload the ssh2.plist to activate the new port:
sudo launchctl unload /System/Library/LaunchDaemons/ssh2.plist sudo launchctl load -w /System/Library/LaunchDaemons/ssh2.plist
Test the login:
ssh -l USERNAME localhost -p YOUR_NEW_PORT
For more security you could just change the port 22 inside /etc/services, without adding a second one. Skip the ssh2.plist copy & reload part, just reload the ssh.plist instead.
7 responses on “OS X El Capitan change SSH port”
You just made my day! Didn’t know the /etc/services files with all the ports…
– Zillo!
YosemiteZ com.apple.xpc.launchd[1] (com.openssh.sshd2): Unknown key for string: SHAuthorizationRight
Thanks for this. Worked like a charm.
Thanks, I followed you, it work perfect.
Regards.
I haven’t investigated any further than unloading the ssh.plist and ssh2.plist and reloading only the ssh2 (which exits 0) with the same result shown below:
stooey@stoopendous:~$ ssh stooey@localhost -p7866
ssh_exchange_identification: Connection closed by remote host
Hey John
Could be a bunch of problems! Have you already checked your system logs? Search for sshd inside to get more info!
Hi, what is the OsX (Yosemite, El Capitan) way to get a chroot jail? As you say, normally I would config the port, the chroot jail etc. in the /etc/sshd_config. But it seems that this file (sshd_config) is completely useless. Neither the port nor the jail config gets read from there. Do I have to configure the jail in the plist as well??