Changing SSH port

Discussion in 'macOS' started by yg17, May 2, 2007.

  1. yg17 macrumors G5

    yg17

    Joined:
    Aug 1, 2004
    Location:
    St. Louis, MO
    #1
    I've got the built-in SSH server enabled on my iMac so I can get to files while away from my comp. I'd like to change the default port it uses for security, and to reduce the chances of my ISP, who doesn't like servers, of finding me because they might do port scans on common ports. How would I go about changing it? Thanks
     
  2. snakesqzns macrumors regular

    snakesqzns

    Joined:
    Apr 26, 2007
    #2
    On Linux I think you set that in /etc/sshd/sshd_config. Try something like that.
     
  3. Mr.Texor macrumors regular

    Joined:
    Apr 20, 2007
    #3
    It really depends on the distribution, on debian it's
    /etc/ssh/sshd_config
    on the mac it's
    /etc/sshd_config

    Remember to restart sshd after changing the config file
     
  4. grapes911 Moderator emeritus

    grapes911

    Joined:
    Jul 28, 2003
    Location:
    Citizens Bank Park
    #4
    Do you have a router? If so, I'd change the incoming port on the router to be 2222 (or whatever you want) and I'd have it forwarded it to your Mac as port 22.

    If you don't have a router, maybe this will help.
     
  5. daveL macrumors 68020

    daveL

    Joined:
    Jun 18, 2003
    Location:
    Montana
    #5
    That's exactly what I do. You have to remember to use the -p (ssh) or -P (scp) command line option to specify the port number you're using coming in.
     
  6. yg17 thread starter macrumors G5

    yg17

    Joined:
    Aug 1, 2004
    Location:
    St. Louis, MO
    #6
    Not a bad idea, but I don't think my cheap Netgear lets me do that.
     
  7. grapes911 Moderator emeritus

    grapes911

    Joined:
    Jul 28, 2003
    Location:
    Citizens Bank Park
    #7
    I can't guarantee it, but I bet it does. Give it a try, or at least let us know what model router you are using.
     
  8. yg17 thread starter macrumors G5

    yg17

    Joined:
    Aug 1, 2004
    Location:
    St. Louis, MO
    #8
    WGR614.

    I can forward ports obviously, but I can't set the external and internal port. At least I think so....I'm at work right now so I can't really try
     
  9. grapes911 Moderator emeritus

    grapes911

    Joined:
    Jul 28, 2003
    Location:
    Citizens Bank Park
    #9
    If it's the router I think it is, I set one up for my aunt and uncle. Somewhere is your "Port Forwarding / Port Triggering" section. I think its under "Advanced". Select "Port Forwarding" and add a "Custom Service" (or edit one already there). Make the "Start Port" 2222 and the "End Point" 22. Make sure the "Server IP Address" is set to the IP of your iMac.

    Sorry if my terminology is a little off. Every manufacturer uses slightly different terms and they are hard to keep track of.

    Good luck.
     
  10. Craig Christ macrumors member

    Joined:
    May 2, 2007
    #10
    If it can do port forwarding, you should have the capability to do this.
     
  11. yg17 thread starter macrumors G5

    yg17

    Joined:
    Aug 1, 2004
    Location:
    St. Louis, MO
    #11
    I have Start Port and End Port, but that's to do a range of ports
     
  12. NATO macrumors 68000

    NATO

    Joined:
    Feb 14, 2005
    Location:
    Northern Ireland
    #12
    You need to change the SSH port at /etc/services rather than /etc/sshd_config (see here, linked to from a Basic Mac OS X Security Guide)

    It's definitely worth doing, 22 is such an obvious port to try if some tried to hack your machine.
     
  13. NATO macrumors 68000

    NATO

    Joined:
    Feb 14, 2005
    Location:
    Northern Ireland
    #13
    I've had a look at the online manual for the WGR615v5 router, it seems that you have to go to the 'Port Forwarding / Port Triggering' section, then click 'Port Fowarding'.

    You then need to click 'Add Custom Service' then enter a service name of whatever you like, say 'Mac SSH', a service type of TCP/UDP, a start port of 2222 (if that's what port you're changing to), end port of 2222 and finally the internal IP address of your Mac (eg, 192.168.0.2)

    The 'LAN IP' section can be used to ensure your Mac always gets given the same IP regardless of who is on your network etc. That way you can always guarantee that the custom service will be applied to the right computer.

    I hope this helps, the advice is based on a quick skim over the manual, I hope it at least steers you in the right direction
     
  14. yg17 thread starter macrumors G5

    yg17

    Joined:
    Aug 1, 2004
    Location:
    St. Louis, MO
    #14
    I know how to do port forwarding on my router. The point is, someone said I can set an external port of 2222 (or anything I want) and forward it to my iMac (which I assigned a static IP in network settings) on port 22, so I don't need to mess with config files. But that doesn't seem possible. The start port/end port crap is for ranges, not external/internal port
     
  15. NATO macrumors 68000

    NATO

    Joined:
    Feb 14, 2005
    Location:
    Northern Ireland
    #15
    Sorry, I see what you mean now. It does look like you'll need to go edit the config files unless someone else knows how you could avoid it. I am 99.9% certain that you can't do it with your router as you've pointed out with the start/end ports in your router configuration.
     
  16. grapes911 Moderator emeritus

    grapes911

    Joined:
    Jul 28, 2003
    Location:
    Citizens Bank Park
    #16
    Sorry. I was sure that's how I did it on that router before. I guess not. :eek:
     

Share This Page