Mac OSX SSH Change Default Port 22 [Scripted]

Monday, 01 October 2012 07:38

By default, SSH on Mac OS X Mountain Lion (10.8.x) and earlier runs on the standard port 22.
This is all well and good until you know that port 22 is one of the most heavily targeted and exploited ports of all, which means using SSHD "Remote Login" on a larger network or the Internet could be opening yourself up to a world of pain.

I love to automate everything, so here is a script that I've decided to share from a while back to simplify changing the default SSH Daemon port on your Apple Mac:

  1. Open up Terminal
  2. Copy and Paste the following into your Terminal:

    read -p "Please enter new SSH Port number: " sshport; sudo sed -i "-bak" -n "/SockServiceName/{p;n;s/>.*</>$sshport</;};p" /System/Library/LaunchDaemons/ssh.plist; echo "SSH Port $sshport. Restart service for changes to take effect."

  3. When asked, enter in the port number/service name you wish to use for SSH/SCP access to your Mac
  4. Restart your SSHD service with launchctl or go to System Preferences -> Sharing -> Remote Login and Turn Off and then On again.
  5. Done.


This script also creates a backup of your original OSX SSH plist configuration as /System/Library/LaunchDaemons/ssh.plist-bak.
To reset your configuration back to the default, either enter "ssh" as the port number in the above script or restore the backup file using:

    sudo cp -a /System/Library/LaunchDaemons/ssh.plist-bak /System/Library/LaunchDaemons/ssh.plist
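
A dry run of the same edit, as an added example that is not part of the original script: it validates the input (a port from 1 to 65535, or the service name ssh) and applies the same sed program to stdin, so the result can be checked before the system file is modified. The function names and the sample plist fragment are constructed for illustration.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not part of any Apple tool.

# Accept a TCP port 1-65535 or the literal service name "ssh" (the default).
# Input containing characters such as / or & would corrupt the sed replacement.
valid_port() {
    case "$1" in
        ssh) return 0 ;;
        ''|0*|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Same sed program as the one-liner, but reading stdin and writing stdout,
# so no sudo and no in-place edit are involved.
set_port() {
    valid_port "$1" || { echo "invalid port: $1" >&2; return 1; }
    sed -n "/SockServiceName/{p;n;s/>.*</>$1</;};p"
}

# Print the value on the line that follows the SockServiceName key.
get_port() {
    sed -n '/SockServiceName/{n;s/.*<string>\(.*\)<\/string>.*/\1/p;}'
}

# Constructed sample: a Sockets section laid out the way the sed expects
# (the key on one line, its <string> value on the next).
sample_plist() {
    cat <<'EOF'
<key>Sockets</key>
<dict>
	<key>Listeners</key>
	<dict>
		<key>SockServiceName</key>
		<string>ssh</string>
	</dict>
</dict>
EOF
}

sample_plist | set_port 2222 | get_port   # prints 2222
```

After running the real one-liner, `get_port < /System/Library/LaunchDaemons/ssh.plist` should print the port you entered.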


By the way, if you're new to SSH then you need to know that simply changing the default SSH port by NO MEANS makes you safe from attacks.
For further information on securing SSH, please research Public/Private Key Authentication, disabling PasswordAuthentication and, amongst others, firewalling techniques. Alternatively, search for "reverse ssh hak5" for some nice SSH tutorials.


