Skip to content

Instantly share code, notes, and snippets.

@trodemaster
Last active October 29, 2015 16:47
Show Gist options
  • Save trodemaster/db26d5d2b20158fee76e to your computer and use it in GitHub Desktop.
Save trodemaster/db26d5d2b20158fee76e to your computer and use it in GitHub Desktop.
Configure OS X 10.11 to listen on an alternate ssh port.
1. Pick a port and hack up your /etc/services file
Change existing port entry from
mbus 47000/udp # Message Bus
mbus 47000/tcp # Message Bus
to..
ssh-47000 47000/udp # Alternate port SSH Remote Login Protocol
ssh-47000 47000/tcp # Alternate port SSH Remote Login Protocol
2. copy the ssh.plist
sudo cp /System/Library/LaunchDaemons/ssh.plist /Library/LaunchDaemons/ssh-47000.plist
3. Edit the plist
a. make sure it's enabled at the top of the file.
<key>Enabled</key>
<true/>
b. Update the label so it doesn't conflict with existing ssh.plist
<key>Label</key>
<string>com.openssh.sshd-47000</string>
c. Update the SockServiceName
<key>SockServiceName</key>
<string>ssh-47000</string>
3. restart or use launctl to load the plist
4. check to see if your system is listening
netstat -an | grep 47000
tcp4 0 0 *.47000 *.* LISTEN
tcp6 0 0 *.47000 *.* LISTEN
Success without messing around with SIP!!
5. Use your firewall to protect port 22 and open your new port 47000
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment