On macOS, the SSH server (sshd) is managed by launchd, Apple's service management framework. Unlike Linux systems where you simply edit /etc/ssh/sshd_config, macOS requires additional steps due to its System Integrity Protection (SIP) and launchd integration.
Here's the complete process to change the default SSH port (22) to a custom port (e.g., 32):
# 1. First, create or edit the sshd config file
sudo nano /etc/ssh/sshd_config
# 2. Find and uncomment the Port line, change it to:
Port 32
# 3. Save and exit the editorSince macOS manages SSH via launchd, we need to modify its plist file:
# 1. Create a backup of the original plist
sudo cp /System/Library/LaunchDaemons/ssh.plist ~/ssh.plist.backup
# 2. Edit the plist file
sudo vim /System/Library/LaunchDaemons/ssh.plist
# 3. Locate the SockServiceName key and change its value from 'ssh' to your custom port numberDon't forget to update your firewall rules:
# Add the new port to pf firewall
echo "pass in proto tcp from any to any port 32" | sudo pfctl -ef -After making these changes, restart the SSH service:
# Unload the current SSH service
sudo launchctl unload /System/Library/LaunchDaemons/ssh.plist
# Load it with new configuration
sudo launchctl load -w /System/Library/LaunchDaemons/ssh.plistCheck if SSH is listening on the new port:
# Check listening ports
netstat -an | grep LISTEN | grep 32
# Test SSH connection
ssh -p 32 username@localhostIf you encounter problems, consider these checks:
- Verify SIP status with
csrutil status - Check for port conflicts with
lsof -i :32 - Review system logs with
log show --predicate 'process == "sshd"' --last 10m
The SSH daemon (sshd) on macOS uses a slightly different configuration approach compared to typical Linux distributions. The main configuration file is actually located at:
/etc/ssh/sshd_config
Not /etc/sshd_config as some might expect. This difference is important because modifying the wrong file won't have any effect.
Here's how to properly change the SSH port on any macOS version:
# 1. Backup the original config
sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bak
# 2. Edit the configuration
sudo nano /etc/ssh/sshd_config
Find the line (or add it if missing):
#Port 22
Uncomment and change it to your desired port (e.g., 32):
Port 32
On newer macOS versions with System Integrity Protection (SIP):
# Add the new port to the built-in firewall
sudo /usr/libexec/ApplicationFirewall/socketfilterfw --add /usr/sbin/sshd
sudo /usr/libexec/ApplicationFirewall/socketfilterfw --unblockapp /usr/sbin/sshd
The method varies by macOS version:
# For macOS 10.10+ with launchd:
sudo launchctl unload /System/Library/LaunchDaemons/ssh.plist
sudo launchctl load -w /System/Library/LaunchDaemons/ssh.plist
# Alternative method that works on most versions:
sudo systemctl restart sshd
Check if SSHD is listening on the new port:
sudo lsof -i :32
You should see output similar to:
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
sshd 123 root 3u IPv6 0xabcdef123456789 0t0 TCP *:32 (LISTEN)
If you can't connect after changing the port:
# Check if SSH is actually running:
sudo systemctl status sshd
# Verify macOS firewall isn't blocking:
sudo pfctl -sr | grep ssh
Remember to update any SSH client configurations or automation scripts that connect to this server to use the new port number.