MacLemon · March 9, 2011 22:04
diff --git a/How to run a seconds SSHd on Mac OS X.txt b/How to run a seconds SSHd on Mac OS X.txt
 Alternative/Secondary/Backup SSH Service:


 Add this line to /etc/services
 ssh-alt         10022/tcp   # ssh-alternative
 You may change the port to any unused port you like but maybe try to avoid 2222 and 22222 as they are a little too obvious. This line actually specifies which port your alternative sshd will be listening on.

 Save the launchd item following as as /Library/LaunchDaemons/ssh-alt.plist

 Load with
 sudo launchctl load -w /Library/LaunchDaemons/ssh-alt.plist

 Unload with
 sudo launchctl unload -w /Library/LaunchDaemons/ssh-alt.plist
 if you decide to not use it anymore.

 Uses the same config as standard sshd in /etc/sshd_config except for the port. (The port setting in sshd_config is ignored.)

 This one does NOT announce itself as ssh and sftp service via Bonjour.
 It is by no means safer than any other ssh installation. It's just not affected by the usual bots that only scan port 22 for victims.

 Works from 10.4 up until 10.6.6 and server as well, haven't checked with 10.7 yet.

 Connect as usual but don't forget about the custom port.
 ssh -p 10022 [email protected]
 Or just add a 
 Port 10022
 to any Host in your ~/.ssh/config
diff --git a/ssh-alt.plist b/ssh-alt.plist
 <?xml version="1.0" encoding="UTF-8"?>
 <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
 <plist version="1.0">
 <dict>
        <key>Label</key>
        <string>com.openssh.sshd-alt</string>
        <key>Program</key>
        <string>/usr/libexec/sshd-keygen-wrapper</string>
        <key>ProgramArguments</key>
        <array>
                <string>/usr/sbin/sshd</string>
                <string>-i</string>
        </array>
        <key>SHAuthorizationRight</key>
        <string>system.preferences</string>
        <key>Sockets</key>
        <dict>
                <key>Listeners</key>
                <dict>
                        <key>SockServiceName</key>
                        <string>ssh-alt</string>
                </dict>
        </dict>
        <key>StandardErrorPath</key>
        <string>/dev/null</string>
        <key>inetdCompatibility</key>
        <dict>
                <key>Wait</key>
                <false/>
        </dict>
 </dict>
 </plist>
	Alternative/Secondary/Backup SSH Service:


	Add this line to /etc/services
	ssh-alt 10022/tcp # ssh-alternative
	You may change the port to any unused port you like but maybe try to avoid 2222 and 22222 as they are a little too obvious. This line actually specifies which port your alternative sshd will be listening on.

	Save the launchd item following as as /Library/LaunchDaemons/ssh-alt.plist

	Load with
	sudo launchctl load -w /Library/LaunchDaemons/ssh-alt.plist

	Unload with
	sudo launchctl unload -w /Library/LaunchDaemons/ssh-alt.plist
	if you decide to not use it anymore.

	Uses the same config as standard sshd in /etc/sshd_config except for the port. (The port setting in sshd_config is ignored.)

	This one does NOT announce itself as ssh and sftp service via Bonjour.
	It is by no means safer than any other ssh installation. It's just not affected by the usual bots that only scan port 22 for victims.

	Works from 10.4 up until 10.6.6 and server as well, haven't checked with 10.7 yet.

	Connect as usual but don't forget about the custom port.
	ssh -p 10022 [email protected]
	Or just add a
	Port 10022
	to any Host in your ~/.ssh/config
	<?xml version="1.0" encoding="UTF-8"?>
	<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
	<plist version="1.0">
	<dict>
	<key>Label</key>
	<string>com.openssh.sshd-alt</string>
	<key>Program</key>
	<string>/usr/libexec/sshd-keygen-wrapper</string>
	<key>ProgramArguments</key>
	<array>
	<string>/usr/sbin/sshd</string>
	<string>-i</string>
	</array>
	<key>SHAuthorizationRight</key>
	<string>system.preferences</string>
	<key>Sockets</key>
	<dict>
	<key>Listeners</key>
	<dict>
	<key>SockServiceName</key>
	<string>ssh-alt</string>
	</dict>
	</dict>
	<key>StandardErrorPath</key>
	<string>/dev/null</string>
	<key>inetdCompatibility</key>
	<dict>
	<key>Wait</key>
	<false/>
	</dict>
	</dict>
	</plist>