I can't ssh on localhost at a certain port on os x

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP











up vote
4
down vote

favorite
1












Here are basics information:



$ which ssh
/opt/local/bin/ssh


It's like that because I'm using MacPorts and it did install there.
I did the sudo port load openssh



When doing a netstat -an | grep LISTEN on reboot. I have this:



tcp4 0 0 *.2222 *.* LISTEN
tcp6 0 0 *.2222 *.* LISTEN
tcp46 0 0 *.5900 *.* LISTEN
tcp4 0 0 *.88 *.* LISTEN
tcp6 0 0 *.88 *.* LISTEN
tcp4 0 0 *.631 *.* LISTEN
tcp6 0 0 *.631 *.* LISTEN
tcp4 0 0 *.22 *.* LISTEN
tcp6 0 0 *.22 *.* LISTEN
tcp4 0 0 *.139 *.* LISTEN
tcp4 0 0 *.445 *.* LISTEN
tcp4 0 0 *.548 *.* LISTEN
tcp6 0 0 *.548 *.* LISTEN
tcp4 0 0 127.0.0.1.631 *.* LISTEN
tcp6 0 0 ::1.631 *.* LISTEN


then here are the results of nmap:



-pierre@evian.local ~ nmap -p 22 localhost 0 --15:23--

Starting Nmap 5.50 ( http://nmap.org ) at 2011-02-10 15:24 CET
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000083s latency).
PORT STATE SERVICE
22/tcp open ssh

Nmap done: 1 IP address (1 host up) scanned in 0.19 seconds
-pierre@evian.local ~ nmap -p 2222 localhost 0 --15:24--

Starting Nmap 5.50 ( http://nmap.org ) at 2011-02-10 15:25 CET
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000072s latency).
PORT STATE SERVICE
2222/tcp open EtherNet/IP-1

Nmap done: 1 IP address (1 host up) scanned in 0.05 seconds


Now what happen when I try to ssh on localhost



-pierre@evian.local ~ ssh localhost 0 --15:30--
Connection closed by 127.0.0.1


When specifying the 2222 port.



-pierre@evian.local ~ ssh localhost -p 2222 255 --15:31--
Last login: Thu Feb 10 15:18:00 2011 from localhost


Succeed! The reason: I found it in the sshd_config file on the /opt/local/etc/ location. port 2222 here the file:



-pierre@evian.local ~ cat /opt/local/etc/ssh/sshd_config | less 0 --15:29--

# $OpenBSD: sshd_config,v 1.81 2009/10/08 14:03:41 markus Exp $

# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.

Port 2222


So I decided to change the port in that file to 22



relaunch the service with unload/load as follow:



-pierre@evian.local /opt/local/etc/ssh ssh localhost -p 2222 0 --15:35--
Last login: Thu Feb 10 15:32:15 2011 from localhost
-pierre@evian.local ~ sudo port unload openssh 0 --15:35--
-pierre@evian.local ~ sudo port load openssh 0 --15:36--
-pierre@evian.local ~ ssh localhost -p 2222 0 --15:36--
ssh: connect to host localhost port 2222: Connection refused


Well, I'm feeling lucky and I try ssh localhost



-pierre@evian.local ~ ssh localhost 255 --15:36--
Connection closed by 127.0.0.1


No such a thing as luck I suppose. Here is a -vv of the command:



-pierre@evian.local ~ ssh -vv localhost 255 --15:37--
OpenSSH_5.6p1, OpenSSL 1.0.0c 2 Dec 2010
debug1: Reading configuration data /opt/local/etc/ssh/ssh_config
debug2: ssh_connect: needpriv 0
debug1: Connecting to localhost [127.0.0.1] port 22.
debug1: Connection established.
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug2: key_type_from_name: unknown key type '-----END'
debug1: identity file /Users/pierre/.ssh/id_rsa type 1
debug1: identity file /Users/pierre/.ssh/id_rsa-cert type -1
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug2: key_type_from_name: unknown key type '-----END'
debug1: identity file /Users/pierre/.ssh/id_dsa type 2
debug1: identity file /Users/pierre/.ssh/id_dsa-cert type -1
debug1: Remote protocol version 1.99, remote software version OpenSSH_5.2
debug1: match: OpenSSH_5.2 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.6
debug2: fd 3 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: mac_setup: found hmac-md5
debug1: kex: server->client aes128-ctr hmac-md5 none
debug2: mac_setup: found hmac-md5
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 127/256
debug2: bits set: 520/1024
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'localhost' is known and matches the RSA host key.
debug1: Found key in /Users/pierre/.ssh/known_hosts:1
debug2: bits set: 534/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /Users/pierre/.ssh/id_rsa (0x10030e540)
debug2: key: /Users/pierre/.ssh/id_dsa (0x10031dcf0)
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /Users/pierre/.ssh/id_rsa
debug2: we sent a publickey packet, wait for reply
Connection closed by 127.0.0.1


What do you think?






ssh osx openssh







share|improve this question























  • Very nicely asked question.
    – gabe.
    Feb 10 '11 at 16:49














up vote
4
down vote

favorite
1












Here are basics information:



$ which ssh
/opt/local/bin/ssh


It's like that because I'm using MacPorts and it did install there.
I did the sudo port load openssh



When doing a netstat -an | grep LISTEN on reboot. I have this:



tcp4 0 0 *.2222 *.* LISTEN
tcp6 0 0 *.2222 *.* LISTEN
tcp46 0 0 *.5900 *.* LISTEN
tcp4 0 0 *.88 *.* LISTEN
tcp6 0 0 *.88 *.* LISTEN
tcp4 0 0 *.631 *.* LISTEN
tcp6 0 0 *.631 *.* LISTEN
tcp4 0 0 *.22 *.* LISTEN
tcp6 0 0 *.22 *.* LISTEN
tcp4 0 0 *.139 *.* LISTEN
tcp4 0 0 *.445 *.* LISTEN
tcp4 0 0 *.548 *.* LISTEN
tcp6 0 0 *.548 *.* LISTEN
tcp4 0 0 127.0.0.1.631 *.* LISTEN
tcp6 0 0 ::1.631 *.* LISTEN


then here are the results of nmap:



-pierre@evian.local ~ nmap -p 22 localhost 0 --15:23--

Starting Nmap 5.50 ( http://nmap.org ) at 2011-02-10 15:24 CET
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000083s latency).
PORT STATE SERVICE
22/tcp open ssh

Nmap done: 1 IP address (1 host up) scanned in 0.19 seconds
-pierre@evian.local ~ nmap -p 2222 localhost 0 --15:24--

Starting Nmap 5.50 ( http://nmap.org ) at 2011-02-10 15:25 CET
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000072s latency).
PORT STATE SERVICE
2222/tcp open EtherNet/IP-1

Nmap done: 1 IP address (1 host up) scanned in 0.05 seconds


Now what happen when I try to ssh on localhost



-pierre@evian.local ~ ssh localhost 0 --15:30--
Connection closed by 127.0.0.1


When specifying the 2222 port.



-pierre@evian.local ~ ssh localhost -p 2222 255 --15:31--
Last login: Thu Feb 10 15:18:00 2011 from localhost


Succeed! The reason: I found it in the sshd_config file on the /opt/local/etc/ location. port 2222 here the file:



-pierre@evian.local ~ cat /opt/local/etc/ssh/sshd_config | less 0 --15:29--

# $OpenBSD: sshd_config,v 1.81 2009/10/08 14:03:41 markus Exp $

# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.

Port 2222


So I decided to change the port in that file to 22



relaunch the service with unload/load as follow:



-pierre@evian.local /opt/local/etc/ssh ssh localhost -p 2222 0 --15:35--
Last login: Thu Feb 10 15:32:15 2011 from localhost
-pierre@evian.local ~ sudo port unload openssh 0 --15:35--
-pierre@evian.local ~ sudo port load openssh 0 --15:36--
-pierre@evian.local ~ ssh localhost -p 2222 0 --15:36--
ssh: connect to host localhost port 2222: Connection refused


Well, I'm feeling lucky and I try ssh localhost



-pierre@evian.local ~ ssh localhost 255 --15:36--
Connection closed by 127.0.0.1


No such a thing as luck I suppose. Here is a -vv of the command:



-pierre@evian.local ~ ssh -vv localhost 255 --15:37--
OpenSSH_5.6p1, OpenSSL 1.0.0c 2 Dec 2010
debug1: Reading configuration data /opt/local/etc/ssh/ssh_config
debug2: ssh_connect: needpriv 0
debug1: Connecting to localhost [127.0.0.1] port 22.
debug1: Connection established.
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug2: key_type_from_name: unknown key type '-----END'
debug1: identity file /Users/pierre/.ssh/id_rsa type 1
debug1: identity file /Users/pierre/.ssh/id_rsa-cert type -1
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug2: key_type_from_name: unknown key type '-----END'
debug1: identity file /Users/pierre/.ssh/id_dsa type 2
debug1: identity file /Users/pierre/.ssh/id_dsa-cert type -1
debug1: Remote protocol version 1.99, remote software version OpenSSH_5.2
debug1: match: OpenSSH_5.2 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.6
debug2: fd 3 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: mac_setup: found hmac-md5
debug1: kex: server->client aes128-ctr hmac-md5 none
debug2: mac_setup: found hmac-md5
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 127/256
debug2: bits set: 520/1024
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'localhost' is known and matches the RSA host key.
debug1: Found key in /Users/pierre/.ssh/known_hosts:1
debug2: bits set: 534/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /Users/pierre/.ssh/id_rsa (0x10030e540)
debug2: key: /Users/pierre/.ssh/id_dsa (0x10031dcf0)
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /Users/pierre/.ssh/id_rsa
debug2: we sent a publickey packet, wait for reply
Connection closed by 127.0.0.1


What do you think?






ssh osx openssh







share|improve this question























  • Very nicely asked question.
    – gabe.
    Feb 10 '11 at 16:49












up vote
4
down vote

favorite
1









up vote
4
down vote

favorite
1






1





Here are basics information:



$ which ssh
/opt/local/bin/ssh


It's like that because I'm using MacPorts and it did install there.
I did the sudo port load openssh



When doing a netstat -an | grep LISTEN on reboot. I have this:



tcp4 0 0 *.2222 *.* LISTEN
tcp6 0 0 *.2222 *.* LISTEN
tcp46 0 0 *.5900 *.* LISTEN
tcp4 0 0 *.88 *.* LISTEN
tcp6 0 0 *.88 *.* LISTEN
tcp4 0 0 *.631 *.* LISTEN
tcp6 0 0 *.631 *.* LISTEN
tcp4 0 0 *.22 *.* LISTEN
tcp6 0 0 *.22 *.* LISTEN
tcp4 0 0 *.139 *.* LISTEN
tcp4 0 0 *.445 *.* LISTEN
tcp4 0 0 *.548 *.* LISTEN
tcp6 0 0 *.548 *.* LISTEN
tcp4 0 0 127.0.0.1.631 *.* LISTEN
tcp6 0 0 ::1.631 *.* LISTEN


then here are the results of nmap:



-pierre@evian.local ~ nmap -p 22 localhost 0 --15:23--

Starting Nmap 5.50 ( http://nmap.org ) at 2011-02-10 15:24 CET
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000083s latency).
PORT STATE SERVICE
22/tcp open ssh

Nmap done: 1 IP address (1 host up) scanned in 0.19 seconds
-pierre@evian.local ~ nmap -p 2222 localhost 0 --15:24--

Starting Nmap 5.50 ( http://nmap.org ) at 2011-02-10 15:25 CET
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000072s latency).
PORT STATE SERVICE
2222/tcp open EtherNet/IP-1

Nmap done: 1 IP address (1 host up) scanned in 0.05 seconds


Now what happen when I try to ssh on localhost



-pierre@evian.local ~ ssh localhost 0 --15:30--
Connection closed by 127.0.0.1


When specifying the 2222 port.



-pierre@evian.local ~ ssh localhost -p 2222 255 --15:31--
Last login: Thu Feb 10 15:18:00 2011 from localhost


Succeed! The reason: I found it in the sshd_config file on the /opt/local/etc/ location. port 2222 here the file:



-pierre@evian.local ~ cat /opt/local/etc/ssh/sshd_config | less 0 --15:29--

# $OpenBSD: sshd_config,v 1.81 2009/10/08 14:03:41 markus Exp $

# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.

Port 2222


So I decided to change the port in that file to 22



relaunch the service with unload/load as follow:



-pierre@evian.local /opt/local/etc/ssh ssh localhost -p 2222 0 --15:35--
Last login: Thu Feb 10 15:32:15 2011 from localhost
-pierre@evian.local ~ sudo port unload openssh 0 --15:35--
-pierre@evian.local ~ sudo port load openssh 0 --15:36--
-pierre@evian.local ~ ssh localhost -p 2222 0 --15:36--
ssh: connect to host localhost port 2222: Connection refused


Well, I'm feeling lucky and I try ssh localhost



-pierre@evian.local ~ ssh localhost 255 --15:36--
Connection closed by 127.0.0.1


No such a thing as luck I suppose. Here is a -vv of the command:



-pierre@evian.local ~ ssh -vv localhost 255 --15:37--
OpenSSH_5.6p1, OpenSSL 1.0.0c 2 Dec 2010
debug1: Reading configuration data /opt/local/etc/ssh/ssh_config
debug2: ssh_connect: needpriv 0
debug1: Connecting to localhost [127.0.0.1] port 22.
debug1: Connection established.
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug2: key_type_from_name: unknown key type '-----END'
debug1: identity file /Users/pierre/.ssh/id_rsa type 1
debug1: identity file /Users/pierre/.ssh/id_rsa-cert type -1
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug2: key_type_from_name: unknown key type '-----END'
debug1: identity file /Users/pierre/.ssh/id_dsa type 2
debug1: identity file /Users/pierre/.ssh/id_dsa-cert type -1
debug1: Remote protocol version 1.99, remote software version OpenSSH_5.2
debug1: match: OpenSSH_5.2 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.6
debug2: fd 3 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: mac_setup: found hmac-md5
debug1: kex: server->client aes128-ctr hmac-md5 none
debug2: mac_setup: found hmac-md5
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 127/256
debug2: bits set: 520/1024
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'localhost' is known and matches the RSA host key.
debug1: Found key in /Users/pierre/.ssh/known_hosts:1
debug2: bits set: 534/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /Users/pierre/.ssh/id_rsa (0x10030e540)
debug2: key: /Users/pierre/.ssh/id_dsa (0x10031dcf0)
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /Users/pierre/.ssh/id_rsa
debug2: we sent a publickey packet, wait for reply
Connection closed by 127.0.0.1


What do you think?






ssh osx openssh







share|improve this question















Here are basics information:



$ which ssh
/opt/local/bin/ssh


It's like that because I'm using MacPorts and it did install there.
I did the sudo port load openssh



When doing a netstat -an | grep LISTEN on reboot. I have this:



tcp4 0 0 *.2222 *.* LISTEN
tcp6 0 0 *.2222 *.* LISTEN
tcp46 0 0 *.5900 *.* LISTEN
tcp4 0 0 *.88 *.* LISTEN
tcp6 0 0 *.88 *.* LISTEN
tcp4 0 0 *.631 *.* LISTEN
tcp6 0 0 *.631 *.* LISTEN
tcp4 0 0 *.22 *.* LISTEN
tcp6 0 0 *.22 *.* LISTEN
tcp4 0 0 *.139 *.* LISTEN
tcp4 0 0 *.445 *.* LISTEN
tcp4 0 0 *.548 *.* LISTEN
tcp6 0 0 *.548 *.* LISTEN
tcp4 0 0 127.0.0.1.631 *.* LISTEN
tcp6 0 0 ::1.631 *.* LISTEN


then here are the results of nmap:



-pierre@evian.local ~ nmap -p 22 localhost 0 --15:23--

Starting Nmap 5.50 ( http://nmap.org ) at 2011-02-10 15:24 CET
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000083s latency).
PORT STATE SERVICE
22/tcp open ssh

Nmap done: 1 IP address (1 host up) scanned in 0.19 seconds
-pierre@evian.local ~ nmap -p 2222 localhost 0 --15:24--

Starting Nmap 5.50 ( http://nmap.org ) at 2011-02-10 15:25 CET
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000072s latency).
PORT STATE SERVICE
2222/tcp open EtherNet/IP-1

Nmap done: 1 IP address (1 host up) scanned in 0.05 seconds


Now what happen when I try to ssh on localhost



-pierre@evian.local ~ ssh localhost 0 --15:30--
Connection closed by 127.0.0.1


When specifying the 2222 port.



-pierre@evian.local ~ ssh localhost -p 2222 255 --15:31--
Last login: Thu Feb 10 15:18:00 2011 from localhost


Succeed! The reason: I found it in the sshd_config file on the /opt/local/etc/ location. port 2222 here the file:



-pierre@evian.local ~ cat /opt/local/etc/ssh/sshd_config | less 0 --15:29--

# $OpenBSD: sshd_config,v 1.81 2009/10/08 14:03:41 markus Exp $

# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.

Port 2222


So I decided to change the port in that file to 22



relaunch the service with unload/load as follow:



-pierre@evian.local /opt/local/etc/ssh ssh localhost -p 2222 0 --15:35--
Last login: Thu Feb 10 15:32:15 2011 from localhost
-pierre@evian.local ~ sudo port unload openssh 0 --15:35--
-pierre@evian.local ~ sudo port load openssh 0 --15:36--
-pierre@evian.local ~ ssh localhost -p 2222 0 --15:36--
ssh: connect to host localhost port 2222: Connection refused


Well, I'm feeling lucky and I try ssh localhost



-pierre@evian.local ~ ssh localhost 255 --15:36--
Connection closed by 127.0.0.1


No such a thing as luck I suppose. Here is a -vv of the command:



-pierre@evian.local ~ ssh -vv localhost 255 --15:37--
OpenSSH_5.6p1, OpenSSL 1.0.0c 2 Dec 2010
debug1: Reading configuration data /opt/local/etc/ssh/ssh_config
debug2: ssh_connect: needpriv 0
debug1: Connecting to localhost [127.0.0.1] port 22.
debug1: Connection established.
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug2: key_type_from_name: unknown key type '-----END'
debug1: identity file /Users/pierre/.ssh/id_rsa type 1
debug1: identity file /Users/pierre/.ssh/id_rsa-cert type -1
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug2: key_type_from_name: unknown key type '-----END'
debug1: identity file /Users/pierre/.ssh/id_dsa type 2
debug1: identity file /Users/pierre/.ssh/id_dsa-cert type -1
debug1: Remote protocol version 1.99, remote software version OpenSSH_5.2
debug1: match: OpenSSH_5.2 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.6
debug2: fd 3 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: mac_setup: found hmac-md5
debug1: kex: server->client aes128-ctr hmac-md5 none
debug2: mac_setup: found hmac-md5
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 127/256
debug2: bits set: 520/1024
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'localhost' is known and matches the RSA host key.
debug1: Found key in /Users/pierre/.ssh/known_hosts:1
debug2: bits set: 534/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /Users/pierre/.ssh/id_rsa (0x10030e540)
debug2: key: /Users/pierre/.ssh/id_dsa (0x10031dcf0)
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /Users/pierre/.ssh/id_rsa
debug2: we sent a publickey packet, wait for reply
Connection closed by 127.0.0.1


What do you think?






ssh osx openssh




ssh osx openssh






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited 30 mins ago









Rui F Ribeiro

37.3k1374118




37.3k1374118










asked Feb 10 '11 at 14:42









Pierre Guilbert

1836




1836











  • Very nicely asked question.
    – gabe.
    Feb 10 '11 at 16:49
















  • Very nicely asked question.
    – gabe.
    Feb 10 '11 at 16:49















Very nicely asked question.
– gabe.
Feb 10 '11 at 16:49




Very nicely asked question.
– gabe.
Feb 10 '11 at 16:49










1 Answer
1






active

oldest

votes

















up vote
5
down vote



accepted










OS X comes with sshd already. It's running if you enable "Remote Login" in System Preferences under Sharing.



If all you want to do is make it listen on a non-default port, the trick is as follows:



  1. Open /System/Library/LaunchDaemons/ssh.plist in your favorite text editor.


  2. Find the SockServiceName key.


  3. Change the string value to something like ssh-alt, then save the plist file.


  4. Add an entry for ssh-alt to the /etc/services file.


  5. Go into the Sharing preference pane and toggle the "Remote Login" checkbox off and back on. You'll find that the native sshd is now listening on the other port.


You'd think you could avoid all that by editing /etc/sshd_config, but you'd be wrong. The native sshd pays attention to the plist file, only.






share|improve this answer
















  • 1




    Well, it did work. I owe you one. Thank you for your clear description and time!
    – Pierre Guilbert
    Feb 10 '11 at 15:41






  • 1




    The ports for the sshd that is bundled with Mac OS X can not be configured through /etc/sshd_config because the bundled sshd is launched in “inetd mode”. In this mode sshd expects stdin and stdout to be already connected to the client, so it has no say over what port or protocols are used to listen for and accept clients. /etc/sshd_config is still effective for configuring other aspects of the default sshd. The plist file for the MacPorts sshd does not use “inetd mode”, so the ports for that sshd can be configured in its configuration file (/opt/local/etc/ssh/sshd_config).
    – Chris Johnsen
    Feb 11 '11 at 3:22






  • 1




    Thanks for the explanation, Chris. I didn't mean to imply that the native sshd ignored everything in sshd_config, only the Port setting. I like to turn off PermitRootLogin and PasswordAuthentication in mine on any host I've got port-forwarded to the Internet. Using a different port number is part of that securing process. It's merely "security through obscurity", but it does cut down on a whole lot of bot attack traffic nevertheless.
    – Warren Young
    Feb 11 '11 at 13:29











Your Answer







StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "106"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
convertImagesToLinks: false,
noModals: false,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);



);













 

draft saved


draft discarded


















StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f7197%2fi-cant-ssh-on-localhost-at-a-certain-port-on-os-x%23new-answer', 'question_page');

);

Post as a guest

















1 Answer
1






active

oldest

votes








1 Answer
1






active

oldest

votes









active

oldest

votes






active

oldest

votes








up vote
5
down vote



accepted










OS X comes with sshd already. It's running if you enable "Remote Login" in System Preferences under Sharing.



If all you want to do is make it listen on a non-default port, the trick is as follows:



  1. Open /System/Library/LaunchDaemons/ssh.plist in your favorite text editor.


  2. Find the SockServiceName key.


  3. Change the string value to something like ssh-alt, then save the plist file.


  4. Add an entry for ssh-alt to the /etc/services file.


  5. Go into the Sharing preference pane and toggle the "Remote Login" checkbox off and back on. You'll find that the native sshd is now listening on the other port.


You'd think you could avoid all that by editing /etc/sshd_config, but you'd be wrong. The native sshd pays attention to the plist file, only.






share|improve this answer
















  • 1




    Well, it did work. I owe you one. Thank you for your clear description and time!
    – Pierre Guilbert
    Feb 10 '11 at 15:41






  • 1




    The ports for the sshd that is bundled with Mac OS X can not be configured through /etc/sshd_config because the bundled sshd is launched in “inetd mode”. In this mode sshd expects stdin and stdout to be already connected to the client, so it has no say over what port or protocols are used to listen for and accept clients. /etc/sshd_config is still effective for configuring other aspects of the default sshd. The plist file for the MacPorts sshd does not use “inetd mode”, so the ports for that sshd can be configured in its configuration file (/opt/local/etc/ssh/sshd_config).
    – Chris Johnsen
    Feb 11 '11 at 3:22






  • 1




    Thanks for the explanation, Chris. I didn't mean to imply that the native sshd ignored everything in sshd_config, only the Port setting. I like to turn off PermitRootLogin and PasswordAuthentication in mine on any host I've got port-forwarded to the Internet. Using a different port number is part of that securing process. It's merely "security through obscurity", but it does cut down on a whole lot of bot attack traffic nevertheless.
    – Warren Young
    Feb 11 '11 at 13:29















up vote
5
down vote



accepted










OS X comes with sshd already. It's running if you enable "Remote Login" in System Preferences under Sharing.



If all you want to do is make it listen on a non-default port, the trick is as follows:



  1. Open /System/Library/LaunchDaemons/ssh.plist in your favorite text editor.


  2. Find the SockServiceName key.


  3. Change the string value to something like ssh-alt, then save the plist file.


  4. Add an entry for ssh-alt to the /etc/services file.


  5. Go into the Sharing preference pane and toggle the "Remote Login" checkbox off and back on. You'll find that the native sshd is now listening on the other port.


You'd think you could avoid all that by editing /etc/sshd_config, but you'd be wrong. The native sshd pays attention to the plist file, only.






share|improve this answer
















  • 1




    Well, it did work. I owe you one. Thank you for your clear description and time!
    – Pierre Guilbert
    Feb 10 '11 at 15:41






  • 1




    The ports for the sshd that is bundled with Mac OS X can not be configured through /etc/sshd_config because the bundled sshd is launched in “inetd mode”. In this mode sshd expects stdin and stdout to be already connected to the client, so it has no say over what port or protocols are used to listen for and accept clients. /etc/sshd_config is still effective for configuring other aspects of the default sshd. The plist file for the MacPorts sshd does not use “inetd mode”, so the ports for that sshd can be configured in its configuration file (/opt/local/etc/ssh/sshd_config).
    – Chris Johnsen
    Feb 11 '11 at 3:22






  • 1




    Thanks for the explanation, Chris. I didn't mean to imply that the native sshd ignored everything in sshd_config, only the Port setting. I like to turn off PermitRootLogin and PasswordAuthentication in mine on any host I've got port-forwarded to the Internet. Using a different port number is part of that securing process. It's merely "security through obscurity", but it does cut down on a whole lot of bot attack traffic nevertheless.
    – Warren Young
    Feb 11 '11 at 13:29













up vote
5
down vote



accepted







up vote
5
down vote



accepted






OS X comes with sshd already. It's running if you enable "Remote Login" in System Preferences under Sharing.



If all you want to do is make it listen on a non-default port, the trick is as follows:



  1. Open /System/Library/LaunchDaemons/ssh.plist in your favorite text editor.


  2. Find the SockServiceName key.


  3. Change the string value to something like ssh-alt, then save the plist file.


  4. Add an entry for ssh-alt to the /etc/services file.


  5. Go into the Sharing preference pane and toggle the "Remote Login" checkbox off and back on. You'll find that the native sshd is now listening on the other port.


You'd think you could avoid all that by editing /etc/sshd_config, but you'd be wrong. The native sshd pays attention to the plist file, only.






share|improve this answer












OS X comes with sshd already. It's running if you enable "Remote Login" in System Preferences under Sharing.



If all you want to do is make it listen on a non-default port, the trick is as follows:



  1. Open /System/Library/LaunchDaemons/ssh.plist in your favorite text editor.


  2. Find the SockServiceName key.


  3. Change the string value to something like ssh-alt, then save the plist file.


  4. Add an entry for ssh-alt to the /etc/services file.


  5. Go into the Sharing preference pane and toggle the "Remote Login" checkbox off and back on. You'll find that the native sshd is now listening on the other port.


You'd think you could avoid all that by editing /etc/sshd_config, but you'd be wrong. The native sshd pays attention to the plist file, only.







share|improve this answer












share|improve this answer



share|improve this answer










answered Feb 10 '11 at 15:23









Warren Young

53.7k8140144




53.7k8140144







  • 1




    Well, it did work. I owe you one. Thank you for your clear description and time!
    – Pierre Guilbert
    Feb 10 '11 at 15:41






  • 1




    The ports for the sshd that is bundled with Mac OS X can not be configured through /etc/sshd_config because the bundled sshd is launched in “inetd mode”. In this mode sshd expects stdin and stdout to be already connected to the client, so it has no say over what port or protocols are used to listen for and accept clients. /etc/sshd_config is still effective for configuring other aspects of the default sshd. The plist file for the MacPorts sshd does not use “inetd mode”, so the ports for that sshd can be configured in its configuration file (/opt/local/etc/ssh/sshd_config).
    – Chris Johnsen
    Feb 11 '11 at 3:22






  • 1




    Thanks for the explanation, Chris. I didn't mean to imply that the native sshd ignored everything in sshd_config, only the Port setting. I like to turn off PermitRootLogin and PasswordAuthentication in mine on any host I've got port-forwarded to the Internet. Using a different port number is part of that securing process. It's merely "security through obscurity", but it does cut down on a whole lot of bot attack traffic nevertheless.
    – Warren Young
    Feb 11 '11 at 13:29













  • 1




    Well, it did work. I owe you one. Thank you for your clear description and time!
    – Pierre Guilbert
    Feb 10 '11 at 15:41






  • 1




    The ports for the sshd that is bundled with Mac OS X can not be configured through /etc/sshd_config because the bundled sshd is launched in “inetd mode”. In this mode sshd expects stdin and stdout to be already connected to the client, so it has no say over what port or protocols are used to listen for and accept clients. /etc/sshd_config is still effective for configuring other aspects of the default sshd. The plist file for the MacPorts sshd does not use “inetd mode”, so the ports for that sshd can be configured in its configuration file (/opt/local/etc/ssh/sshd_config).
    – Chris Johnsen
    Feb 11 '11 at 3:22






  • 1




    Thanks for the explanation, Chris. I didn't mean to imply that the native sshd ignored everything in sshd_config, only the Port setting. I like to turn off PermitRootLogin and PasswordAuthentication in mine on any host I've got port-forwarded to the Internet. Using a different port number is part of that securing process. It's merely "security through obscurity", but it does cut down on a whole lot of bot attack traffic nevertheless.
    – Warren Young
    Feb 11 '11 at 13:29








1




1




Well, it did work. I owe you one. Thank you for your clear description and time!
– Pierre Guilbert
Feb 10 '11 at 15:41




Well, it did work. I owe you one. Thank you for your clear description and time!
– Pierre Guilbert
Feb 10 '11 at 15:41




1




1




The ports for the sshd that is bundled with Mac OS X can not be configured through /etc/sshd_config because the bundled sshd is launched in “inetd mode”. In this mode sshd expects stdin and stdout to be already connected to the client, so it has no say over what port or protocols are used to listen for and accept clients. /etc/sshd_config is still effective for configuring other aspects of the default sshd. The plist file for the MacPorts sshd does not use “inetd mode”, so the ports for that sshd can be configured in its configuration file (/opt/local/etc/ssh/sshd_config).
– Chris Johnsen
Feb 11 '11 at 3:22




The ports for the sshd that is bundled with Mac OS X can not be configured through /etc/sshd_config because the bundled sshd is launched in “inetd mode”. In this mode sshd expects stdin and stdout to be already connected to the client, so it has no say over what port or protocols are used to listen for and accept clients. /etc/sshd_config is still effective for configuring other aspects of the default sshd. The plist file for the MacPorts sshd does not use “inetd mode”, so the ports for that sshd can be configured in its configuration file (/opt/local/etc/ssh/sshd_config).
– Chris Johnsen
Feb 11 '11 at 3:22




1




1




Thanks for the explanation, Chris. I didn't mean to imply that the native sshd ignored everything in sshd_config, only the Port setting. I like to turn off PermitRootLogin and PasswordAuthentication in mine on any host I've got port-forwarded to the Internet. Using a different port number is part of that securing process. It's merely "security through obscurity", but it does cut down on a whole lot of bot attack traffic nevertheless.
– Warren Young
Feb 11 '11 at 13:29





Thanks for the explanation, Chris. I didn't mean to imply that the native sshd ignored everything in sshd_config, only the Port setting. I like to turn off PermitRootLogin and PasswordAuthentication in mine on any host I've got port-forwarded to the Internet. Using a different port number is part of that securing process. It's merely "security through obscurity", but it does cut down on a whole lot of bot attack traffic nevertheless.
– Warren Young
Feb 11 '11 at 13:29


















 

draft saved


draft discarded















































 


draft saved


draft discarded














StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f7197%2fi-cant-ssh-on-localhost-at-a-certain-port-on-os-x%23new-answer', 'question_page');

);

Post as a guest
































































-

Popular posts from this blog

How to check contact read email or not when send email to Individual?

Image
Clash Royale CLAN TAG #URR8PPP up vote 1 down vote favorite I'm using WordPress 4.9.8, CiviCRM to 5.5.1, I usually send email to contact by Search> Find contacts View contact details Action> Send email Send email ok, Contact received mail ok like picture But status only Email sent though contact read email or not. So, can CiviCRM can change status to Email read when contact read email? wordpress email share | improve this question asked Sep 26 at 0:12 ToanLuong 49 9 add a comment  |  up vote 1 down vote favorite I'm using WordPress 4.9.8, CiviCRM to 5.5.1, I usually send email to contact by Search> Find contacts View contact details Action> Send email Send email ok, Contact received mail ok like picture But status only Email sent though contact read email or not. So, can CiviCRM can change status to Email read when contact read email? wordpress email share | improve this question asked Se
Read more

Bahrain

Image
For other uses, see Bahrain (disambiguation). Sovereign island state in the Persian Gulf Kingdom of Bahrain مملكة البحرين   (Arabic) Mamlakat al-Baḥrayn Flag Coat of arms Anthem:  نشيد البحرين الوطني Bahrainona Our Bahrain Location of   Bahrain    (circled in red) Capital and largest city Manama 26°13′N 50°35′E  /  26.217°N 50.583°E  / 26.217; 50.583 Official languages Arabic Ethnic groups (2010 [1] ) 50.7% Arab (46% Bahrani, 4.7% other Arabs) 45.5% Asian 1% European 1.2% Others Religion Islam Demonym(s) Bahraini Government Unitary constitutional monarchy • King Hamad bin Isa Al Khalifa • Crown Prince Salman bin Hamad bin Isa Al Khalifa • Prime Minister Khalifa bin Salman Al Khalifa Legislature National Assembly • Upper house Consultative Council • Lower house Council of Representatives Independence • Declared Independence [2] 14 August 1971 • from United Kingdom [1] 15 August 1971 • Admitted to the United Nations 21 September 1971 • Kingdom of Bahrain 14 February 2002
Read more

Postfix configuration issue with fips on centos 7; mailgun relay

Image
Clash Royale CLAN TAG #URR8PPP up vote 0 down vote favorite I am trying to setup postfix to relay all mail generated on the local machine via SMTP to a mailgun relay. I have used the mailgun relay before with success on an ubuntu server, but I am migrating to a Centos 7 server which I will be running in FIPS mode. There error log is below, slightly sanitized. I have a small enough network that I choose to have each machine reach out to mailgun individually (this the loopback-only, 127.0.0.0/8 restrictions) and no firewall open port allowing smtp in to the machine. I assume the FIPS mode (and with it disabling of MD5) is causing problems, but I don't know how to overcome it or if it is even possible for tls_fprint to use some supported hash such as sha256 or sha512. However, the relay=none is slightly concerning since I have relayhost set, but perhaps that is because the smtp process is failing? Any help would be appreciated! postconf -n: alias_database = hash:/etc/alia
Read more