StringMeteor

Summary

The web content provides a tutorial on enhancing macOS security by changing the default SSH listening port to a non-standard port, along with instructions for restoring the SSH client's default behavior.

Abstract

The article titled "Secure Your macOS Remote SSH Access by Changing Listening Port" discusses the importance of altering the default Secure Shell (SSH) port as a security measure known as "security through obscurity." This technique involves changing the well-known port 22 to a different, less predictable port number to deter attackers from easily finding and exploiting the SSH service. The tutorial guides macOS users through the process of editing the /etc/services file to modify the SSH port settings and offers steps to revert the SSH client to using the default port 22 for new connections if desired. It also emphasizes the need for additional security measures, such as securing home routers and using key-based authentication instead of passwords. The article concludes with a reminder to follow the author for more insights and provides links to related articles on enhancing security and the efficient use of technology.

Opinions

  • The author suggests that changing the default SSH port adds a layer of security by making the SSH service less visible to potential attackers.
  • It is recommended to choose a port number between 20000 and 40000 to avoid conflicts with native macOS services and ephemeral ports.
  • The article warns that changing the SSH listening port will affect all new SSH connections, which will attempt to use the new port unless specified otherwise.
  • The author advises that for convenience, users can restore the SSH client's default behavior to connect through port 22 by editing the /etc/ssh/ssh_config file.
  • The article promotes the use of key-based authentication over password authentication for increased security.
  • The author encourages readers to engage by leaving comments if they need support or have questions.
  • The author expresses enthusiasm for readers to explore their other articles and follow them for more content on technology and security.

Secure Your macOS Remote SSH Access by Changing Listening Port

Enhance the Security of Your macOS Remote SSH Access by Changing the Listening Port

Changing the default SSH port is a common security measure that is often referred to as a “security through obscurity” technique. This type of technique relies on the idea that hiding or obfuscating important information can make it more difficult for attackers to find and exploit a system. In the case of SSH, changing the default port makes it more difficult for attackers to find and target the service, as they would need to know the non-standard port number in order to connect to it.


Remote Secure Shell (SSH) access is a common method for securely accessing your Mac device. However, the default port for SSH (port 22) is well-known and is often targeted by malicious actors. In this tutorial, I will show you how to change the listening port for SSH on a macOS machine to improve the security of your remote access.

Step-by-step tutorial:

  • Open the terminal on your macOS machine and enter the following command to open the /etc/services file:
sudo nano /etc/services
  • Scroll down until you find the lines related to the SSH service. You can also find them by searching for the port number 22. The two lines will appear as follows:
ssh           22/udp # SSH Remote Login Protocol
ssh           22/tcp # SSH Remote Login Protocol
  • Now change the port number in both lines to the number you’ve chosen. It is recommended to choose a port number between 20000 and 40000, as ports outside this range are typically reserved for native macOS services or may be allocated as ephemeral ports. For reference, see https://support.apple.com/en-us/HT202944. Don’t worry about the spacing between columns; the entry works regardless of how it is aligned.
  • Save the file by pressing CTRL + O and then Enter. Exit the editor by pressing CTRL + X.

WARNING: Once you change the SSH listening port, all new connections you try to establish via the ssh command will try to use that port instead of the default port 22. If you want to modify this behavior, you will have to change the SSH client's default port through the ssh_config file. To do that, see the next section of this article. Alternatively, you can specify the desired port each time you connect via SSH by using the -p flag.

In other words, to connect to an SSH server listening on port 22, you would need to use the command ssh -p 22 username@server instead of the standard ssh username@server.

Restore SSH client default behaviour

If you want the ssh command to keep establishing new connections through port 22, follow these steps:

  1. Open the /etc/ssh/ssh_config file using the following command: sudo nano /etc/ssh/ssh_config
  2. Locate the line that reads #Port 22 and remove the # to uncomment the line.
  3. Save the file by pressing CTRL + O and then Enter. Exit the editor by pressing CTRL + X.

After completing all the steps above, including the optional ones that restore the SSH client's default port, you will have to restart the SSH server. To restart the SSH server, go to the Settings app and toggle the Remote Login option off and then on again.

Your SSH server will now be listening on the new port and the SSH command will connect using the default port 22. You’re good to go.
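To catch a half-finished edit before toggling Remote Login, the check below (an added example, not part of the original article) parses a services file and verifies that both ssh lines carry the same port, that the port is no longer 22, that it falls in the 20000 to 40000 range recommended above, and that no other service in the file already claims it. The function name check_ssh_services and the sample port 22022 are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the article): validate the ssh entries of a services
# file after the edit. Prints the new port and returns 0 if the edit is
# consistent; otherwise prints the reason and returns 1.
# check_ssh_services is a hypothetical helper name.
check_ssh_services() {
    awk '
        { sub(/#.*/, "") }              # drop comments
        NF < 2 { next }                 # skip blank or malformed lines
        {
            split($2, pp, "/")          # "22022/tcp" -> port, protocol
            if ($1 == "ssh") port[pp[2]] = pp[1]
            else owner[$2] = $1         # remember every other port/proto
        }
        END {
            t = port["tcp"]; u = port["udp"]; n = t + 0; key = t "/tcp"
            if (t == "") { print "no ssh/tcp entry"; exit 1 }
            if (t != u)  { print "tcp/udp mismatch: " t " vs " u; exit 1 }
            if (n == 22) { print "still on default port 22"; exit 1 }
            if (n < 20000 || n > 40000) {
                print "port " t " outside 20000-40000"; exit 1
            }
            if (key in owner) {
                print "port " t " already used by " owner[key]; exit 1
            }
            print t
        }
    ' "${1:-/etc/services}"
}

# Constructed sample: a services file after the edit, 22022 being the
# port chosen for illustration.
sample=$(mktemp)
cat > "$sample" <<'EOF'
ftp              21/tcp     # File Transfer [Control]
ssh           22022/udp     # SSH Remote Login Protocol
ssh           22022/tcp     # SSH Remote Login Protocol
telnet           23/tcp     # Telnet
EOF
check_ssh_services "$sample"
rm -f "$sample"
```

Called with no argument on the Mac, the function checks the live /etc/services. Running ssh -G localhost | grep '^port ' afterwards shows which port the client will use by default.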

If you have any questions or need support, please don’t hesitate to leave a comment below.

Conclusion

Changing the listening port for SSH is just one of many security measures you can take to secure your remote access. It is also important to secure your home router and limit external access to only trusted sources. For additional security, consider disabling password authentication and using key-based authentication as outlined in our article “Secure Your macOS Remote SSH Access by Disabling Password Login”:

If you liked 👏 this article you may enjoy reading through some of my other articles. Oh, and don’t forget to follow me! 🫵
