I use SSH extensively for intersystem communication within a private (192.x.x.x) network. Now there is a need to allow only some functions (notably SCP) with a couple of servers from the external world. So, continuing to use port 22 internally, I would like to set up a more limited SSH server (say on port 10022) for access from the internet (yes, I am aware of the risks and take the responsibility if it all falls apart).
I don't see that question addressed here at Ask Different(ly). I see there is a /etc/ssh/sshd_config file and it looks pretty standard... is it just a matter of duplicating and modifying that, and doing the same with a plist? If so, where would I find that plist?
(I found /System/Library/LaunchDaemons/ssh.plist but that says it's disabled. I also found /System/Library/LaunchAgents/com.openssh.ssh-agent.plist but I'm not sure that's right either, especially since it is in the Agents (not Daemons) directory.)
Currently, the active lines in /etc/ssh/sshd_config_alt are:

    Port xxxxx
    SyslogFacility AUTH
    LogLevel INFO
    PubkeyAuthentication yes
    AuthorizedKeysFile .ssh/authorized_keys
    PasswordAuthentication no
    AllowAgentForwarding no
    AllowTcpForwarding no
    PermitTTY no
    PermitUserEnvironment no
    ForceCommand internal-sftp

This is what transpires when a person tries to SSH to that system:

    > ssh -p nnnnn macstudio
    PTY allocation request failed on channel 0
    This service allows sftp connections only.
    Connection to macstudio closed.

Of course, the modified port 22 /etc/ssh/sshd_config file limits the incoming connections to the local network.
sshd be more restrictive than the standard one?

sshd -f /path/to/configfile starts sshd and listens on whatever port you defined in that config file.
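
As an added example (not part of the original post or its comments), this Python script checks that an alternate sshd config file sets every restriction listed in the post's sshd_config_alt, applying sshd's rule that the first value seen for a keyword wins. The REQUIRED table, the function names and both sample configs (including port 10022) are constructed for illustration; Include files and settings inside Match blocks are not evaluated.

```python
import re

# Directive (lowercased) -> value used in the post's restricted config.
REQUIRED = {
    "passwordauthentication": "no",
    "pubkeyauthentication": "yes",
    "allowagentforwarding": "no",
    "allowtcpforwarding": "no",
    "permittty": "no",
    "permituserenvironment": "no",
    "forcecommand": "internal-sftp",
}

def parse_global(text):
    """Return {keyword: value} for the global section of an sshd_config text.
    Keywords are case-insensitive and may be separated from the value by
    whitespace or '='; parsing stops at the first Match block."""
    seen = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"(\S+?)(?:\s*=\s*|\s+)(.*)", line)
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2).strip().lower()
        if key == "match":
            break  # Match blocks are conditional, so they cannot satisfy the audit
        seen.setdefault(key, value)  # first occurrence wins, as in sshd
    return seen

def audit(text):
    """Return [(directive, found_value_or_None)] for every REQUIRED mismatch."""
    conf = parse_global(text)
    return [(k, conf.get(k)) for k, want in REQUIRED.items() if conf.get(k) != want]

# Constructed sample: the directives from the post, with port 10022 filled in.
POSTED = "\n".join([
    "Port 10022", "SyslogFacility AUTH", "LogLevel INFO",
    "PubkeyAuthentication yes", "AuthorizedKeysFile .ssh/authorized_keys",
    "PasswordAuthentication no", "AllowAgentForwarding no", "AllowTcpForwarding no",
    "PermitTTY no", "PermitUserEnvironment no", "ForceCommand internal-sftp"])
# Constructed weak variant: a later "no" is shadowed, PermitTTY only set under Match.
WEAK = "\n".join([
    "PasswordAuthentication yes", "PubkeyAuthentication yes", "AllowAgentForwarding no",
    "AllowTcpForwarding=no", "PermitUserEnvironment no", "ForceCommand internal-sftp",
    "PasswordAuthentication no", "Match User backup", "    PermitTTY no"])

if __name__ == "__main__":
    for name, text in (("posted", POSTED), ("weak", WEAK)):
        print(name, audit(text) or "all restrictions present")
```

sshd's own test mode (`sshd -t -f <file>`) validates the file's syntax but does not tell you whether these particular restrictions are present, which is what this check covers.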