How to enable multiple sshd ports in Mountain Lion


I have multiple machines on my network that I access regularly using ssh. I want to enable remote access through port forwarding, which means I'll need separate sshd ports for each machine. That said, I'd like to continue to use port 22 for local access.

I realize that I have to add the configs to /etc/services and that the key to my answer lies in sshd.plist. I've attempted to follow various suggestions online, all of which seem to indicate that the plist files exist in different locations than mine do. One suggested ssh.plist and another sshd.plist. My changes to ssh.plist accomplished nothing. Another suggested changing sshd.plist, which didn't even exist on my machine, but /System/Library/LaunchDaemons/com.apple.FileSyncAgent.sshd.plist does. I was going to make and rename a copy of that file, but I couldn't tie it to a call in /etc/services. I made a copy anyway, but then I couldn't figure out how to modify the key as its current value had no relationship to the file name (unlike the example for ssh.plist).

So, I currently have ssh and ssh-alt set in services, two ssh.plist files that vary based on the different file names (one ssh and the other ssh-alt) and two .sshd.plist files that are mirror images of each other. When I rebooted the machine, port 22 no longer works, but my alternate port does.

Any suggestions would be appreciated.

Best Answer

Welp, I found the answer after a few more days of research, with the help of a response to this MacWorld post. I thought there had to be some way to include multiple ports in the one .plist file, but I couldn't figure it out. You can add an "Alternate Listener" key to ssh.plist for the extra port inside the Sockets scope, such as:

    <key>Sockets</key>
    <dict>
        <key>Listeners</key>
        <dict>
            (...)
        </dict>
        <key>Alternate Listeners</key>
        <dict>
            <key>SockServiceName</key>
            <string>ssh-alt</string>
        </dict>
    </dict>

Notice the ssh-alt string for SockServiceName. The original "Listeners" key remains as is, so you have Listeners and Alternate Listeners. You have two entries in /etc/services for ssh and ssh-alt like:

ssh              22/udp
ssh              22/tcp
ssh-alt        4790/udp
ssh-alt        4790/tcp

which preserves the port 22 internal access and creates access via port 4790 for external use (assuming you disable port 22 and port forward port 4790 on your firewall/router).
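The check below is an added example, not part of the original answer: it parses a launchd plist and confirms that every SockServiceName under Sockets resolves to a port in /etc/services, which is the link between the two files that the question had trouble making. The plist Label and the body of the "Listeners" entry (elided as "(...)" in the answer) are constructed sample values, and the function names are hypothetical.

```python
import plistlib

# Constructed sample: the two socket entries from the answer. The Label and the
# body of "Listeners" are assumptions; the answer elides them as "(...)".
SAMPLE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
    <key>Label</key><string>example.sshd</string>
    <key>Sockets</key>
    <dict>
        <key>Listeners</key>
        <dict><key>SockServiceName</key><string>ssh</string></dict>
        <key>Alternate Listeners</key>
        <dict><key>SockServiceName</key><string>ssh-alt</string></dict>
    </dict>
</dict>
</plist>"""

# Constructed sample: the /etc/services lines shown in the answer.
SAMPLE_SERVICES = """\
ssh              22/udp
ssh              22/tcp     # trailing comments are ignored
ssh-alt        4790/udp
ssh-alt        4790/tcp
"""

def parse_services(text):
    """Map (service name or alias, protocol) -> port from /etc/services text."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2 or "/" not in fields[1]:
            continue
        port, proto = fields[1].split("/", 1)
        if port.isdigit():
            for name in [fields[0]] + fields[2:]:  # official name, then aliases
                table.setdefault((name, proto), int(port))
    return table

def resolve_listeners(plist_bytes, services_text, proto="tcp"):
    """Return {Sockets key: port}, with None where the service name is unknown."""
    services = parse_services(services_text)
    sockets = plistlib.loads(plist_bytes).get("Sockets", {})
    result = {}
    for key, entry in sockets.items():
        name = str(entry.get("SockServiceName", ""))
        # A numeric SockServiceName is taken as a literal port number.
        result[key] = int(name) if name.isdigit() else services.get((name, proto))
    return result

if __name__ == "__main__":
    for key, port in resolve_listeners(SAMPLE_PLIST, SAMPLE_SERVICES).items():
        print(f"{key}: {port if port is not None else 'UNRESOLVED service name'}")
```

A `None` result means launchd has no port to bind for that listener, so compare the resolved ports with what the router actually forwards before relying on the alternate port.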