Every previous answer is working (as Google suggests too), but they are dirty and inelegant.
The right way to change the listening port for a launchd-handled service on Mac OS X is to make the changes to the dedicated keys available in ssh.plist.
So the solution is as simple as using the port number instead of the service name.
An excerpt from my edited /System/Library/LaunchDaemons/ssh.plist:
<key>Sockets</key>
<dict>
    <key>Listeners</key>
    <dict>
        <key>SockServiceName</key>
        <string>22022</string>
        <key>SockFamily</key>
        <string>IPv4</string>
        <key>Bonjour</key>
        <array>
            <string>22022</string>
        </array>
    </dict>
</dict>
Note:
To be able to edit this file on El Capitan, Sierra and probably future versions as well, you need to disable SIP (System Integrity Protection). See How do I disable System Integrity Protection (SIP).
For Catalina, even after disabling SIP, the volumes are unwritable. Use sudo mount -uw / in order to enable writing to /System. Do the change then restore SIP and reboot.
The above edit will also force sshd to listen only over IPv4.
After making any changes to ssh.plist, the file must be reloaded as follows:
sudo launchctl unload /System/Library/LaunchDaemons/ssh.plist
sudo launchctl load /System/Library/LaunchDaemons/ssh.plist
Note that using launchctl stop ... and launchctl start ... will NOT reload this file.
The man page with more information can be found by typing man launchd.plist or using this link.
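An added example, not part of the original answer: a Python check that parses the Sockets section of a launchd plist and reports each listener's port, address family and bind address, so an edit can be confirmed before the file is reloaded. The sample input is constructed from the excerpt above, and the function names and the "not set" label are assumptions of this example.

```python
import plistlib
import socket

# Constructed sample: the Sockets excerpt above wrapped in a minimal plist
# so that it parses on its own. It is not a complete ssh.plist.
SAMPLE_PLIST = b"""<plist version="1.0">
<dict>
  <key>Sockets</key>
  <dict>
    <key>Listeners</key>
    <dict>
      <key>SockServiceName</key><string>22022</string>
      <key>SockFamily</key><string>IPv4</string>
      <key>Bonjour</key><array><string>22022</string></array>
    </dict>
  </dict>
</dict>
</plist>"""


def resolve_port(service):
    """Return the numeric port for a SockServiceName value, or None."""
    if service.isdigit():
        return int(service)
    try:
        # A service name such as "ssh" is looked up in the services database.
        return socket.getservbyname(service, "tcp")
    except OSError:
        return None


def audit_listeners(plist_bytes):
    """Summarise every socket launchd would open for this job."""
    sockets = plistlib.loads(plist_bytes).get("Sockets", {})
    report = []
    for name, entry in sockets.items():
        # launchd accepts one dict or an array of dicts per socket name.
        for sock in entry if isinstance(entry, list) else [entry]:
            report.append({
                "name": name,
                "port": resolve_port(str(sock.get("SockServiceName", ""))),
                "family": sock.get("SockFamily", "not set"),
                # SockNodeName restricts the bind address when present.
                "bind": sock.get("SockNodeName", "not set"),
                "bonjour": bool(sock.get("Bonjour", False)),
            })
    return report
```

To audit a real file, read it in binary mode and pass the bytes to audit_listeners.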
To change the passphrase on your default key:
$ ssh-keygen -p
If you need to specify a key, pass the -f option:
$ ssh-keygen -p -f ~/.ssh/id_dsa
then provide your old and new passphrase (twice) at the prompts. (Use ~/.ssh/id_rsa if you have an RSA key.)
More details from man ssh-keygen:
[...]
SYNOPSIS
    ssh-keygen [-q] [-b bits] -t type [-N new_passphrase] [-C comment]
               [-f output_keyfile]
    ssh-keygen -p [-P old_passphrase] [-N new_passphrase] [-f keyfile]
[...]
    -f filename
            Specifies the filename of the key file.
[...]
    -N new_passphrase
            Provides the new passphrase.
    -P passphrase
            Provides the (old) passphrase.
    -p      Requests changing the passphrase of a private key file instead of
            creating a new private key. The program will prompt for the file
            containing the private key, for the old passphrase, and twice for
            the new passphrase.
[...]
Best Answer
The answer is similar to the one you linked to.
In the file /System/Library/LaunchDaemons/ssh.plist, you need to edit the Listeners item. The IP address can be specified with the key SockNodeName. When you're done, the Listeners part of the file should look something like this:
Once you're done, you reload the config by doing