Jon Atkinson

I'm a technologist, with a long and varied history in high-end technical delivery and infrastructure management. I'm particularly interested in managing software teams, rapid application development, and scalability challenges.

SSH on multiple ports with OSX 10.5

I want my Mac Mini running Leopard to listen for SSH connections on multiple ports. This proved to be far more difficult than it should have been. For the sake of this example, let's say SSH should listen on port 22, which is the default, and port 10022.

On most unixes, you just edit /etc/sshd_config to contain the following:

Port 22
Port 10022

Then you restart SSH, and you're done. Things aren't so simple since Apple introduced launchd.

First, you need to duplicate the existing launchd service description file, like this:

sudo cp /System/Library/LaunchDaemons/ssh.plist /System/Library/LaunchDaemons/ssh2.plist

Then, edit the ssh2.plist file as follows. The keys actually changed are Label and SockServiceName:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
        <key>Label</key>
        <string>com.openssh.sshd2</string>
        <key>Program</key>
        <string>/usr/libexec/sshd-keygen-wrapper</string>
        <key>ProgramArguments</key>
        <array>
                <string>/usr/sbin/sshd</string>
                <string>-i</string>
        </array>
        <key>SHAuthorizationRight</key>
        <string>system.preferences</string>
        <key>SessionCreate</key>
        <true/>
        <key>Sockets</key>
        <dict>
                <key>Listeners</key>
                <dict>
                        <key>Bonjour</key>
                        <array>
                                <string>ssh</string>
                                <string>sftp-ssh</string>
                        </array>
                        <key>SockServiceName</key>
                        <string>ssh2</string>
                </dict>
        </dict>
        <key>StandardErrorPath</key>
        <string>/dev/null</string>
        <key>inetdCompatibility</key>
        <dict>
                <key>Wait</key>
                <false/>
        </dict>
</dict>
</plist>

Next, you need to add your new SSH port to /etc/services. Append lines like this at the end of that file:

ssh2              10022/udp 
ssh2              10022/tcp

Now you need to instruct launchd to start this service (it should start automatically on bootup thereafter):

sudo launchctl load -w /System/Library/LaunchDaemons/ssh2.plist

Finally, check that everything works correctly:

ssh -p 10022 localhost
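
Before loading the job, it is worth confirming that the two keys changed above are consistent with /etc/services, so the second sshd listens on the port you intended and nowhere else. The script below is an added example, not part of the original post: the function names, the trimmed sample plist and the sample services lines are constructed for illustration, and the stock job's label `com.openssh.sshd` is an assumption.

```python
import plistlib

# Constructed sample inputs: a trimmed copy of the ssh2.plist above and
# /etc/services lines (a stock ssh entry plus the two added in the post).
SAMPLE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
    <key>Label</key><string>com.openssh.sshd2</string>
    <key>Sockets</key>
    <dict>
        <key>Listeners</key>
        <dict><key>SockServiceName</key><string>ssh2</string></dict>
    </dict>
</dict>
</plist>"""
SAMPLE_SERVICES = "ssh  22/tcp  # stock entry\nssh2  10022/udp\nssh2  10022/tcp\n"

def parse_services(text):
    """Map (service name, protocol) -> port from /etc/services-style text."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, then tokenise
        if len(fields) < 2 or "/" not in fields[1]:
            continue
        port, proto = fields[1].split("/", 1)
        if port.isdigit():
            for name in [fields[0]] + fields[2:]:  # canonical name, then aliases
                table.setdefault((name, proto), int(port))
    return table

def check_listener(plist_bytes, services_text, taken_labels=()):
    """Return (label, tcp_port, problems) for one launchd job definition."""
    job = plistlib.loads(plist_bytes)
    problems = []
    label = job.get("Label")
    if not label:
        problems.append("Label is missing")
    elif label in taken_labels:
        problems.append("Label %r is already used by another job" % label)
    name = job.get("Sockets", {}).get("Listeners", {}).get("SockServiceName")
    port = parse_services(services_text).get((name, "tcp"))
    if name is None:
        problems.append("SockServiceName is missing")
    elif port is None:
        problems.append("service %r has no tcp entry in services" % name)
    return label, port, problems

if __name__ == "__main__":
    # Assumption: the stock job's label is "com.openssh.sshd".
    print(check_listener(SAMPLE_PLIST, SAMPLE_SERVICES, ["com.openssh.sshd"]))
```

On a real machine, pass the bytes of ssh2.plist and the text of /etc/services instead of the samples; an empty problems list with port 10022 means the job will bind where the post intends.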

Date: 1st December 2008.
