I've got the built-in SSH server enabled on my iMac so I can get to files while away from my comp. I'd like to change the default port it uses for security, and to reduce the chances of my ISP, who doesn't like servers, of finding me because they might do port scans on common ports. How would I go about changing it? Thanks
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Changing SSH port
- Thread starter yg17
- Start date
- Sort by reaction score
It really depends on the distribution, on debian it's
/etc/ssh/sshd_config
on the mac it's
/etc/sshd_config
Remember to restart sshd after changing the config file
That's exactly what I do. You have to remember to use the -p (ssh) or -P (scp) command line option to specify the port number you're using coming in.
I can't guarantee it, but I bet it does. Give it a try, or at least let us know what model router you are using.
WGR614.
I can forward ports obviously, but I can't set the external and internal port. At least I think so....I'm at work right now so I can't really try
I can forward ports obviously, but I can't set the external and internal port. At least I think so....I'm at work right now so I can't really try
If it's the router I think it is, I set one up for my aunt and uncle. Somewhere is your "Port Forwarding / Port Triggering" section. I think its under "Advanced". Select "Port Forwarding" and add a "Custom Service" (or edit one already there). Make the "Start Port" 2222 and the "End Point" 22. Make sure the "Server IP Address" is set to the IP of your iMac.
Sorry if my terminology is a little off. Every manufacturer uses slightly different terms and they are hard to keep track of.
Good luck.
Sorry if my terminology is a little off. Every manufacturer uses slightly different terms and they are hard to keep track of.
Good luck.
You need to change the SSH port at /etc/services rather than /etc/sshd_config (see here, linked to from a Basic Mac OS X Security Guide)
It's definitely worth doing, 22 is such an obvious port to try if some tried to hack your machine.
It's definitely worth doing, 22 is such an obvious port to try if some tried to hack your machine.
I've had a look at the online manual for the WGR615v5 router, it seems that you have to go to the 'Port Forwarding / Port Triggering' section, then click 'Port Fowarding'.
You then need to click 'Add Custom Service' then enter a service name of whatever you like, say 'Mac SSH', a service type of TCP/UDP, a start port of 2222 (if that's what port you're changing to), end port of 2222 and finally the internal IP address of your Mac (eg, 192.168.0.2)
The 'LAN IP' section can be used to ensure your Mac always gets given the same IP regardless of who is on your network etc. That way you can always guarantee that the custom service will be applied to the right computer.
I hope this helps, the advice is based on a quick skim over the manual, I hope it at least steers you in the right direction
I know how to do port forwarding on my router. The point is, someone said I can set an external port of 2222 (or anything I want) and forward it to my iMac (which I assigned a static IP in network settings) on port 22, so I don't need to mess with config files. But that doesn't seem possible. The start port/end port crap is for ranges, not external/internal port
Sorry, I see what you mean now. It does look like you'll need to go edit the config files unless someone else knows how you could avoid it. I am 99.9% certain that you can't do it with your router as you've pointed out with the start/end ports in your router configuration.
