SSH port change for security reasons is impossible. *SECURITY-ISSUE*

Hello


I would like to change the default ssh port the ssh daemon is answering on.

This is to make it less likely that script kiddies find that access. It reduces load on my Mac as it doesn't have to constantly answer password guessing a million leaked passwords.


To do this on any decent Unix system you edit /etc/ssh/sshd_config and set Port=... and restart the daemon.

This used to work in older MacOS X releases.


On MacOS Sequoia this approach doesn't work because the port is overridden in launchctl.


/System/Library/LaunchDaemons/ssh.plist


contains


<key>SockServiceName</key>
<string>ssh</string>


so it answers on the "ssh" port specified in /etc/services which is 22.

If you change /etc/services, then outbound ssh connections would also use a different port (which is not the intention here).


So the logical change is to edit /System/Library/LaunchDaemons/ssh.plist, but even root cannot change this because Apple has locked down Macs so much that system administrators with over 30 years of Unix experience are not trusted anymore.


I filed a bug report radar://20289057 but the answer was, ask AppleSupport instead.
I contacted AppleSupport and I got the feedback that opening a terminal window is like a not supported feature anymore.

So MacOS 15.17.1 is the last MacOS I will ever run after being loyal to MacOS since 1984 
and having spent millions of dollars over the years on Apple products.
The M series CPUs are fantastic CPUs but the software has deteriorated from a 
powerhouse for power users to a Mickey Mouse OS for people who run Tiktok, Instagram 
and other "everyone does it so I have to do it too" software.

However any serious work can no longer be done with MacOS.
Signature madness, Gatekeeper, AppStore entitlements and many many such issues like 
the one mentioned kill any groundbreaking innovative projects which could come to the Mac.
There used to be a time where you could run routers on MacOS. Not possible anymore.
There used to be a time where you could run Layer4 network protocols on MacOS. Not possible anymore.
There used to be a time where you could control your own hardware. Not possible anymore.






Posted on Sep 30, 2025 12:45 AM
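
The port resolution described in the post, as an added example that is not part of the original post or Apple's code: it reads a launchd job definition, resolves each SockServiceName through a services table, and lists the Port directives in sshd_config for comparison. The plist layout, services excerpt, sshd_config text and all function names are constructed for illustration; only the SockServiceName key with the value ssh comes from the post.

```python
import plistlib
import re

# Constructed sample inputs; only SockServiceName=ssh is taken from the post.
SAMPLE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
  <key>Sockets</key>
  <dict>
    <key>Listeners</key>
    <dict>
      <key>SockServiceName</key><string>ssh</string>
    </dict>
  </dict>
</dict>
</plist>"""
SAMPLE_SERVICES = "# constructed excerpt\nssh  22/udp\nssh  22/tcp  # SSH Remote Login\n"
SAMPLE_SSHD_CONFIG = "#Port 22\nPort 2222\nPasswordAuthentication no\n"


def service_port(name, services_text, proto="tcp"):
    """Map a service name to a port via services-file text; numeric names pass through."""
    if str(name).isdigit():
        return int(name)
    for line in services_text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, split columns
        if len(fields) >= 2 and fields[0] == name and fields[1].endswith("/" + proto):
            return int(fields[1].split("/")[0])
    return None  # name not present in the services table


def launchd_listen_ports(plist_bytes, services_text):
    """Return {socket name: port} for every socket the job definition declares."""
    sockets = plistlib.loads(plist_bytes).get("Sockets", {})
    ports = {}
    for key, entries in sockets.items():
        for entry in entries if isinstance(entries, list) else [entries]:
            if "SockServiceName" in entry:
                ports[key] = service_port(entry["SockServiceName"], services_text)
    return ports


def sshd_config_ports(config_text):
    """Ports named by uncommented Port directives ("Port 2222" or "Port=2222")."""
    return [int(p) for p in re.findall(r"(?im)^\s*Port[ \t=]+(\d+)", config_text)]


if __name__ == "__main__":
    print("plist socket ports:", launchd_listen_ports(SAMPLE_PLIST, SAMPLE_SERVICES),
          "| sshd_config Port:", sshd_config_ports(SAMPLE_SSHD_CONFIG))
```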


There are no replies.
