I can't ssh on localhost at a certain port on os x

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP











up vote
4
down vote

favorite
1












Here are basics information:



$ which ssh
/opt/local/bin/ssh


It's like that because I'm using MacPorts and it did install there.
I did the sudo port load openssh



When doing a netstat -an | grep LISTEN on reboot. I have this:



tcp4 0 0 *.2222 *.* LISTEN
tcp6 0 0 *.2222 *.* LISTEN
tcp46 0 0 *.5900 *.* LISTEN
tcp4 0 0 *.88 *.* LISTEN
tcp6 0 0 *.88 *.* LISTEN
tcp4 0 0 *.631 *.* LISTEN
tcp6 0 0 *.631 *.* LISTEN
tcp4 0 0 *.22 *.* LISTEN
tcp6 0 0 *.22 *.* LISTEN
tcp4 0 0 *.139 *.* LISTEN
tcp4 0 0 *.445 *.* LISTEN
tcp4 0 0 *.548 *.* LISTEN
tcp6 0 0 *.548 *.* LISTEN
tcp4 0 0 127.0.0.1.631 *.* LISTEN
tcp6 0 0 ::1.631 *.* LISTEN


then here are the results of nmap:



-pierre@evian.local ~ nmap -p 22 localhost 0 --15:23--

Starting Nmap 5.50 ( http://nmap.org ) at 2011-02-10 15:24 CET
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000083s latency).
PORT STATE SERVICE
22/tcp open ssh

Nmap done: 1 IP address (1 host up) scanned in 0.19 seconds
-pierre@evian.local ~ nmap -p 2222 localhost 0 --15:24--

Starting Nmap 5.50 ( http://nmap.org ) at 2011-02-10 15:25 CET
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000072s latency).
PORT STATE SERVICE
2222/tcp open EtherNet/IP-1

Nmap done: 1 IP address (1 host up) scanned in 0.05 seconds


Now what happen when I try to ssh on localhost



-pierre@evian.local ~ ssh localhost 0 --15:30--
Connection closed by 127.0.0.1


When specifying the 2222 port.



-pierre@evian.local ~ ssh localhost -p 2222 255 --15:31--
Last login: Thu Feb 10 15:18:00 2011 from localhost


Succeed! The reason: I found it in the sshd_config file on the /opt/local/etc/ location. port 2222 here the file:



-pierre@evian.local ~ cat /opt/local/etc/ssh/sshd_config | less 0 --15:29--

# $OpenBSD: sshd_config,v 1.81 2009/10/08 14:03:41 markus Exp $

# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.

Port 2222


So I decided to change the port in that file to 22



relaunch the service with unload/load as follow:



-pierre@evian.local /opt/local/etc/ssh ssh localhost -p 2222 0 --15:35--
Last login: Thu Feb 10 15:32:15 2011 from localhost
-pierre@evian.local ~ sudo port unload openssh 0 --15:35--
-pierre@evian.local ~ sudo port load openssh 0 --15:36--
-pierre@evian.local ~ ssh localhost -p 2222 0 --15:36--
ssh: connect to host localhost port 2222: Connection refused


Well, I'm feeling lucky and I try ssh localhost



-pierre@evian.local ~ ssh localhost 255 --15:36--
Connection closed by 127.0.0.1


No such a thing as luck I suppose. Here is a -vv of the command:



-pierre@evian.local ~ ssh -vv localhost 255 --15:37--
OpenSSH_5.6p1, OpenSSL 1.0.0c 2 Dec 2010
debug1: Reading configuration data /opt/local/etc/ssh/ssh_config
debug2: ssh_connect: needpriv 0
debug1: Connecting to localhost [127.0.0.1] port 22.
debug1: Connection established.
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug2: key_type_from_name: unknown key type '-----END'
debug1: identity file /Users/pierre/.ssh/id_rsa type 1
debug1: identity file /Users/pierre/.ssh/id_rsa-cert type -1
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug2: key_type_from_name: unknown key type '-----END'
debug1: identity file /Users/pierre/.ssh/id_dsa type 2
debug1: identity file /Users/pierre/.ssh/id_dsa-cert type -1
debug1: Remote protocol version 1.99, remote software version OpenSSH_5.2
debug1: match: OpenSSH_5.2 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.6
debug2: fd 3 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: mac_setup: found hmac-md5
debug1: kex: server->client aes128-ctr hmac-md5 none
debug2: mac_setup: found hmac-md5
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 127/256
debug2: bits set: 520/1024
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'localhost' is known and matches the RSA host key.
debug1: Found key in /Users/pierre/.ssh/known_hosts:1
debug2: bits set: 534/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /Users/pierre/.ssh/id_rsa (0x10030e540)
debug2: key: /Users/pierre/.ssh/id_dsa (0x10031dcf0)
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /Users/pierre/.ssh/id_rsa
debug2: we sent a publickey packet, wait for reply
Connection closed by 127.0.0.1


What do you think?






ssh osx openssh







share|improve this question























  • Very nicely asked question.
    – gabe.
    Feb 10 '11 at 16:49














up vote
4
down vote

favorite
1












Here are basics information:



$ which ssh
/opt/local/bin/ssh


It's like that because I'm using MacPorts and it did install there.
I did the sudo port load openssh



When doing a netstat -an | grep LISTEN on reboot. I have this:



tcp4 0 0 *.2222 *.* LISTEN
tcp6 0 0 *.2222 *.* LISTEN
tcp46 0 0 *.5900 *.* LISTEN
tcp4 0 0 *.88 *.* LISTEN
tcp6 0 0 *.88 *.* LISTEN
tcp4 0 0 *.631 *.* LISTEN
tcp6 0 0 *.631 *.* LISTEN
tcp4 0 0 *.22 *.* LISTEN
tcp6 0 0 *.22 *.* LISTEN
tcp4 0 0 *.139 *.* LISTEN
tcp4 0 0 *.445 *.* LISTEN
tcp4 0 0 *.548 *.* LISTEN
tcp6 0 0 *.548 *.* LISTEN
tcp4 0 0 127.0.0.1.631 *.* LISTEN
tcp6 0 0 ::1.631 *.* LISTEN


then here are the results of nmap:



-pierre@evian.local ~ nmap -p 22 localhost 0 --15:23--

Starting Nmap 5.50 ( http://nmap.org ) at 2011-02-10 15:24 CET
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000083s latency).
PORT STATE SERVICE
22/tcp open ssh

Nmap done: 1 IP address (1 host up) scanned in 0.19 seconds
-pierre@evian.local ~ nmap -p 2222 localhost 0 --15:24--

Starting Nmap 5.50 ( http://nmap.org ) at 2011-02-10 15:25 CET
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000072s latency).
PORT STATE SERVICE
2222/tcp open EtherNet/IP-1

Nmap done: 1 IP address (1 host up) scanned in 0.05 seconds


Now what happen when I try to ssh on localhost



-pierre@evian.local ~ ssh localhost 0 --15:30--
Connection closed by 127.0.0.1


When specifying the 2222 port.



-pierre@evian.local ~ ssh localhost -p 2222 255 --15:31--
Last login: Thu Feb 10 15:18:00 2011 from localhost


Succeed! The reason: I found it in the sshd_config file on the /opt/local/etc/ location. port 2222 here the file:



-pierre@evian.local ~ cat /opt/local/etc/ssh/sshd_config | less 0 --15:29--

# $OpenBSD: sshd_config,v 1.81 2009/10/08 14:03:41 markus Exp $

# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.

Port 2222


So I decided to change the port in that file to 22



relaunch the service with unload/load as follow:



-pierre@evian.local /opt/local/etc/ssh ssh localhost -p 2222 0 --15:35--
Last login: Thu Feb 10 15:32:15 2011 from localhost
-pierre@evian.local ~ sudo port unload openssh 0 --15:35--
-pierre@evian.local ~ sudo port load openssh 0 --15:36--
-pierre@evian.local ~ ssh localhost -p 2222 0 --15:36--
ssh: connect to host localhost port 2222: Connection refused


Well, I'm feeling lucky and I try ssh localhost



-pierre@evian.local ~ ssh localhost 255 --15:36--
Connection closed by 127.0.0.1


No such a thing as luck I suppose. Here is a -vv of the command:



-pierre@evian.local ~ ssh -vv localhost 255 --15:37--
OpenSSH_5.6p1, OpenSSL 1.0.0c 2 Dec 2010
debug1: Reading configuration data /opt/local/etc/ssh/ssh_config
debug2: ssh_connect: needpriv 0
debug1: Connecting to localhost [127.0.0.1] port 22.
debug1: Connection established.
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug2: key_type_from_name: unknown key type '-----END'
debug1: identity file /Users/pierre/.ssh/id_rsa type 1
debug1: identity file /Users/pierre/.ssh/id_rsa-cert type -1
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug2: key_type_from_name: unknown key type '-----END'
debug1: identity file /Users/pierre/.ssh/id_dsa type 2
debug1: identity file /Users/pierre/.ssh/id_dsa-cert type -1
debug1: Remote protocol version 1.99, remote software version OpenSSH_5.2
debug1: match: OpenSSH_5.2 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.6
debug2: fd 3 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: mac_setup: found hmac-md5
debug1: kex: server->client aes128-ctr hmac-md5 none
debug2: mac_setup: found hmac-md5
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 127/256
debug2: bits set: 520/1024
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'localhost' is known and matches the RSA host key.
debug1: Found key in /Users/pierre/.ssh/known_hosts:1
debug2: bits set: 534/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /Users/pierre/.ssh/id_rsa (0x10030e540)
debug2: key: /Users/pierre/.ssh/id_dsa (0x10031dcf0)
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /Users/pierre/.ssh/id_rsa
debug2: we sent a publickey packet, wait for reply
Connection closed by 127.0.0.1


What do you think?






ssh osx openssh







share|improve this question























  • Very nicely asked question.
    – gabe.
    Feb 10 '11 at 16:49












up vote
4
down vote

favorite
1









up vote
4
down vote

favorite
1






1





Here are basics information:



$ which ssh
/opt/local/bin/ssh


It's like that because I'm using MacPorts and it did install there.
I did the sudo port load openssh



When doing a netstat -an | grep LISTEN on reboot. I have this:



tcp4 0 0 *.2222 *.* LISTEN
tcp6 0 0 *.2222 *.* LISTEN
tcp46 0 0 *.5900 *.* LISTEN
tcp4 0 0 *.88 *.* LISTEN
tcp6 0 0 *.88 *.* LISTEN
tcp4 0 0 *.631 *.* LISTEN
tcp6 0 0 *.631 *.* LISTEN
tcp4 0 0 *.22 *.* LISTEN
tcp6 0 0 *.22 *.* LISTEN
tcp4 0 0 *.139 *.* LISTEN
tcp4 0 0 *.445 *.* LISTEN
tcp4 0 0 *.548 *.* LISTEN
tcp6 0 0 *.548 *.* LISTEN
tcp4 0 0 127.0.0.1.631 *.* LISTEN
tcp6 0 0 ::1.631 *.* LISTEN


then here are the results of nmap:



-pierre@evian.local ~ nmap -p 22 localhost 0 --15:23--

Starting Nmap 5.50 ( http://nmap.org ) at 2011-02-10 15:24 CET
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000083s latency).
PORT STATE SERVICE
22/tcp open ssh

Nmap done: 1 IP address (1 host up) scanned in 0.19 seconds
-pierre@evian.local ~ nmap -p 2222 localhost 0 --15:24--

Starting Nmap 5.50 ( http://nmap.org ) at 2011-02-10 15:25 CET
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000072s latency).
PORT STATE SERVICE
2222/tcp open EtherNet/IP-1

Nmap done: 1 IP address (1 host up) scanned in 0.05 seconds


Now what happen when I try to ssh on localhost



-pierre@evian.local ~ ssh localhost 0 --15:30--
Connection closed by 127.0.0.1


When specifying the 2222 port.



-pierre@evian.local ~ ssh localhost -p 2222 255 --15:31--
Last login: Thu Feb 10 15:18:00 2011 from localhost


Succeed! The reason: I found it in the sshd_config file on the /opt/local/etc/ location. port 2222 here the file:



-pierre@evian.local ~ cat /opt/local/etc/ssh/sshd_config | less 0 --15:29--

# $OpenBSD: sshd_config,v 1.81 2009/10/08 14:03:41 markus Exp $

# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.

Port 2222


So I decided to change the port in that file to 22



relaunch the service with unload/load as follow:



-pierre@evian.local /opt/local/etc/ssh ssh localhost -p 2222 0 --15:35--
Last login: Thu Feb 10 15:32:15 2011 from localhost
-pierre@evian.local ~ sudo port unload openssh 0 --15:35--
-pierre@evian.local ~ sudo port load openssh 0 --15:36--
-pierre@evian.local ~ ssh localhost -p 2222 0 --15:36--
ssh: connect to host localhost port 2222: Connection refused


Well, I'm feeling lucky and I try ssh localhost



-pierre@evian.local ~ ssh localhost 255 --15:36--
Connection closed by 127.0.0.1


No such a thing as luck I suppose. Here is a -vv of the command:



-pierre@evian.local ~ ssh -vv localhost 255 --15:37--
OpenSSH_5.6p1, OpenSSL 1.0.0c 2 Dec 2010
debug1: Reading configuration data /opt/local/etc/ssh/ssh_config
debug2: ssh_connect: needpriv 0
debug1: Connecting to localhost [127.0.0.1] port 22.
debug1: Connection established.
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug2: key_type_from_name: unknown key type '-----END'
debug1: identity file /Users/pierre/.ssh/id_rsa type 1
debug1: identity file /Users/pierre/.ssh/id_rsa-cert type -1
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug2: key_type_from_name: unknown key type '-----END'
debug1: identity file /Users/pierre/.ssh/id_dsa type 2
debug1: identity file /Users/pierre/.ssh/id_dsa-cert type -1
debug1: Remote protocol version 1.99, remote software version OpenSSH_5.2
debug1: match: OpenSSH_5.2 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.6
debug2: fd 3 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: mac_setup: found hmac-md5
debug1: kex: server->client aes128-ctr hmac-md5 none
debug2: mac_setup: found hmac-md5
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 127/256
debug2: bits set: 520/1024
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'localhost' is known and matches the RSA host key.
debug1: Found key in /Users/pierre/.ssh/known_hosts:1
debug2: bits set: 534/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /Users/pierre/.ssh/id_rsa (0x10030e540)
debug2: key: /Users/pierre/.ssh/id_dsa (0x10031dcf0)
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /Users/pierre/.ssh/id_rsa
debug2: we sent a publickey packet, wait for reply
Connection closed by 127.0.0.1


What do you think?






ssh osx openssh







share|improve this question















Here are basics information:



$ which ssh
/opt/local/bin/ssh


It's like that because I'm using MacPorts and it did install there.
I did the sudo port load openssh



When doing a netstat -an | grep LISTEN on reboot. I have this:



tcp4 0 0 *.2222 *.* LISTEN
tcp6 0 0 *.2222 *.* LISTEN
tcp46 0 0 *.5900 *.* LISTEN
tcp4 0 0 *.88 *.* LISTEN
tcp6 0 0 *.88 *.* LISTEN
tcp4 0 0 *.631 *.* LISTEN
tcp6 0 0 *.631 *.* LISTEN
tcp4 0 0 *.22 *.* LISTEN
tcp6 0 0 *.22 *.* LISTEN
tcp4 0 0 *.139 *.* LISTEN
tcp4 0 0 *.445 *.* LISTEN
tcp4 0 0 *.548 *.* LISTEN
tcp6 0 0 *.548 *.* LISTEN
tcp4 0 0 127.0.0.1.631 *.* LISTEN
tcp6 0 0 ::1.631 *.* LISTEN


then here are the results of nmap:



-pierre@evian.local ~ nmap -p 22 localhost 0 --15:23--

Starting Nmap 5.50 ( http://nmap.org ) at 2011-02-10 15:24 CET
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000083s latency).
PORT STATE SERVICE
22/tcp open ssh

Nmap done: 1 IP address (1 host up) scanned in 0.19 seconds
-pierre@evian.local ~ nmap -p 2222 localhost 0 --15:24--

Starting Nmap 5.50 ( http://nmap.org ) at 2011-02-10 15:25 CET
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000072s latency).
PORT STATE SERVICE
2222/tcp open EtherNet/IP-1

Nmap done: 1 IP address (1 host up) scanned in 0.05 seconds


Now what happen when I try to ssh on localhost



-pierre@evian.local ~ ssh localhost 0 --15:30--
Connection closed by 127.0.0.1


When specifying the 2222 port.



-pierre@evian.local ~ ssh localhost -p 2222 255 --15:31--
Last login: Thu Feb 10 15:18:00 2011 from localhost


Succeed! The reason: I found it in the sshd_config file on the /opt/local/etc/ location. port 2222 here the file:



-pierre@evian.local ~ cat /opt/local/etc/ssh/sshd_config | less 0 --15:29--

# $OpenBSD: sshd_config,v 1.81 2009/10/08 14:03:41 markus Exp $

# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.

Port 2222


So I decided to change the port in that file to 22



relaunch the service with unload/load as follow:



-pierre@evian.local /opt/local/etc/ssh ssh localhost -p 2222 0 --15:35--
Last login: Thu Feb 10 15:32:15 2011 from localhost
-pierre@evian.local ~ sudo port unload openssh 0 --15:35--
-pierre@evian.local ~ sudo port load openssh 0 --15:36--
-pierre@evian.local ~ ssh localhost -p 2222 0 --15:36--
ssh: connect to host localhost port 2222: Connection refused


Well, I'm feeling lucky and I try ssh localhost



-pierre@evian.local ~ ssh localhost 255 --15:36--
Connection closed by 127.0.0.1


No such a thing as luck I suppose. Here is a -vv of the command:



-pierre@evian.local ~ ssh -vv localhost 255 --15:37--
OpenSSH_5.6p1, OpenSSL 1.0.0c 2 Dec 2010
debug1: Reading configuration data /opt/local/etc/ssh/ssh_config
debug2: ssh_connect: needpriv 0
debug1: Connecting to localhost [127.0.0.1] port 22.
debug1: Connection established.
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug2: key_type_from_name: unknown key type '-----END'
debug1: identity file /Users/pierre/.ssh/id_rsa type 1
debug1: identity file /Users/pierre/.ssh/id_rsa-cert type -1
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug2: key_type_from_name: unknown key type '-----END'
debug1: identity file /Users/pierre/.ssh/id_dsa type 2
debug1: identity file /Users/pierre/.ssh/id_dsa-cert type -1
debug1: Remote protocol version 1.99, remote software version OpenSSH_5.2
debug1: match: OpenSSH_5.2 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.6
debug2: fd 3 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: mac_setup: found hmac-md5
debug1: kex: server->client aes128-ctr hmac-md5 none
debug2: mac_setup: found hmac-md5
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 127/256
debug2: bits set: 520/1024
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'localhost' is known and matches the RSA host key.
debug1: Found key in /Users/pierre/.ssh/known_hosts:1
debug2: bits set: 534/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /Users/pierre/.ssh/id_rsa (0x10030e540)
debug2: key: /Users/pierre/.ssh/id_dsa (0x10031dcf0)
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /Users/pierre/.ssh/id_rsa
debug2: we sent a publickey packet, wait for reply
Connection closed by 127.0.0.1


What do you think?






ssh osx openssh




ssh osx openssh






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited 30 mins ago









Rui F Ribeiro

37.3k1374118




37.3k1374118










asked Feb 10 '11 at 14:42









Pierre Guilbert

1836




1836











  • Very nicely asked question.
    – gabe.
    Feb 10 '11 at 16:49
















  • Very nicely asked question.
    – gabe.
    Feb 10 '11 at 16:49















Very nicely asked question.
– gabe.
Feb 10 '11 at 16:49




Very nicely asked question.
– gabe.
Feb 10 '11 at 16:49










1 Answer
1






active

oldest

votes

















up vote
5
down vote



accepted










OS X comes with sshd already. It's running if you enable "Remote Login" in System Preferences under Sharing.



If all you want to do is make it listen on a non-default port, the trick is as follows:



  1. Open /System/Library/LaunchDaemons/ssh.plist in your favorite text editor.


  2. Find the SockServiceName key.


  3. Change the string value to something like ssh-alt, then save the plist file.


  4. Add an entry for ssh-alt to the /etc/services file.


  5. Go into the Sharing preference pane and toggle the "Remote Login" checkbox off and back on. You'll find that the native sshd is now listening on the other port.


You'd think you could avoid all that by editing /etc/sshd_config, but you'd be wrong. The native sshd pays attention to the plist file, only.






share|improve this answer
















  • 1




    Well, it did work. I owe you one. Thank you for your clear description and time!
    – Pierre Guilbert
    Feb 10 '11 at 15:41






  • 1




    The ports for the sshd that is bundled with Mac OS X can not be configured through /etc/sshd_config because the bundled sshd is launched in “inetd mode”. In this mode sshd expects stdin and stdout to be already connected to the client, so it has no say over what port or protocols are used to listen for and accept clients. /etc/sshd_config is still effective for configuring other aspects of the default sshd. The plist file for the MacPorts sshd does not use “inetd mode”, so the ports for that sshd can be configured in its configuration file (/opt/local/etc/ssh/sshd_config).
    – Chris Johnsen
    Feb 11 '11 at 3:22






  • 1




    Thanks for the explanation, Chris. I didn't mean to imply that the native sshd ignored everything in sshd_config, only the Port setting. I like to turn off PermitRootLogin and PasswordAuthentication in mine on any host I've got port-forwarded to the Internet. Using a different port number is part of that securing process. It's merely "security through obscurity", but it does cut down on a whole lot of bot attack traffic nevertheless.
    – Warren Young
    Feb 11 '11 at 13:29











Your Answer







StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "106"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
convertImagesToLinks: false,
noModals: false,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);



);













 

draft saved


draft discarded


















StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f7197%2fi-cant-ssh-on-localhost-at-a-certain-port-on-os-x%23new-answer', 'question_page');

);

Post as a guest

















1 Answer
1






active

oldest

votes








1 Answer
1






active

oldest

votes









active

oldest

votes






active

oldest

votes








up vote
5
down vote



accepted










OS X comes with sshd already. It's running if you enable "Remote Login" in System Preferences under Sharing.



If all you want to do is make it listen on a non-default port, the trick is as follows:



  1. Open /System/Library/LaunchDaemons/ssh.plist in your favorite text editor.


  2. Find the SockServiceName key.


  3. Change the string value to something like ssh-alt, then save the plist file.


  4. Add an entry for ssh-alt to the /etc/services file.


  5. Go into the Sharing preference pane and toggle the "Remote Login" checkbox off and back on. You'll find that the native sshd is now listening on the other port.


You'd think you could avoid all that by editing /etc/sshd_config, but you'd be wrong. The native sshd pays attention to the plist file, only.






share|improve this answer
















  • 1




    Well, it did work. I owe you one. Thank you for your clear description and time!
    – Pierre Guilbert
    Feb 10 '11 at 15:41






  • 1




    The ports for the sshd that is bundled with Mac OS X can not be configured through /etc/sshd_config because the bundled sshd is launched in “inetd mode”. In this mode sshd expects stdin and stdout to be already connected to the client, so it has no say over what port or protocols are used to listen for and accept clients. /etc/sshd_config is still effective for configuring other aspects of the default sshd. The plist file for the MacPorts sshd does not use “inetd mode”, so the ports for that sshd can be configured in its configuration file (/opt/local/etc/ssh/sshd_config).
    – Chris Johnsen
    Feb 11 '11 at 3:22






  • 1




    Thanks for the explanation, Chris. I didn't mean to imply that the native sshd ignored everything in sshd_config, only the Port setting. I like to turn off PermitRootLogin and PasswordAuthentication in mine on any host I've got port-forwarded to the Internet. Using a different port number is part of that securing process. It's merely "security through obscurity", but it does cut down on a whole lot of bot attack traffic nevertheless.
    – Warren Young
    Feb 11 '11 at 13:29















up vote
5
down vote



accepted










OS X comes with sshd already. It's running if you enable "Remote Login" in System Preferences under Sharing.



If all you want to do is make it listen on a non-default port, the trick is as follows:



  1. Open /System/Library/LaunchDaemons/ssh.plist in your favorite text editor.


  2. Find the SockServiceName key.


  3. Change the string value to something like ssh-alt, then save the plist file.


  4. Add an entry for ssh-alt to the /etc/services file.


  5. Go into the Sharing preference pane and toggle the "Remote Login" checkbox off and back on. You'll find that the native sshd is now listening on the other port.


You'd think you could avoid all that by editing /etc/sshd_config, but you'd be wrong. The native sshd pays attention to the plist file, only.






share|improve this answer
















  • 1




    Well, it did work. I owe you one. Thank you for your clear description and time!
    – Pierre Guilbert
    Feb 10 '11 at 15:41






  • 1




    The ports for the sshd that is bundled with Mac OS X can not be configured through /etc/sshd_config because the bundled sshd is launched in “inetd mode”. In this mode sshd expects stdin and stdout to be already connected to the client, so it has no say over what port or protocols are used to listen for and accept clients. /etc/sshd_config is still effective for configuring other aspects of the default sshd. The plist file for the MacPorts sshd does not use “inetd mode”, so the ports for that sshd can be configured in its configuration file (/opt/local/etc/ssh/sshd_config).
    – Chris Johnsen
    Feb 11 '11 at 3:22






  • 1




    Thanks for the explanation, Chris. I didn't mean to imply that the native sshd ignored everything in sshd_config, only the Port setting. I like to turn off PermitRootLogin and PasswordAuthentication in mine on any host I've got port-forwarded to the Internet. Using a different port number is part of that securing process. It's merely "security through obscurity", but it does cut down on a whole lot of bot attack traffic nevertheless.
    – Warren Young
    Feb 11 '11 at 13:29













up vote
5
down vote



accepted







up vote
5
down vote



accepted






OS X comes with sshd already. It's running if you enable "Remote Login" in System Preferences under Sharing.



If all you want to do is make it listen on a non-default port, the trick is as follows:



  1. Open /System/Library/LaunchDaemons/ssh.plist in your favorite text editor.


  2. Find the SockServiceName key.


  3. Change the string value to something like ssh-alt, then save the plist file.


  4. Add an entry for ssh-alt to the /etc/services file.


  5. Go into the Sharing preference pane and toggle the "Remote Login" checkbox off and back on. You'll find that the native sshd is now listening on the other port.


You'd think you could avoid all that by editing /etc/sshd_config, but you'd be wrong. The native sshd pays attention to the plist file, only.






share|improve this answer












OS X comes with sshd already. It's running if you enable "Remote Login" in System Preferences under Sharing.



If all you want to do is make it listen on a non-default port, the trick is as follows:



  1. Open /System/Library/LaunchDaemons/ssh.plist in your favorite text editor.


  2. Find the SockServiceName key.


  3. Change the string value to something like ssh-alt, then save the plist file.


  4. Add an entry for ssh-alt to the /etc/services file.


  5. Go into the Sharing preference pane and toggle the "Remote Login" checkbox off and back on. You'll find that the native sshd is now listening on the other port.


You'd think you could avoid all that by editing /etc/sshd_config, but you'd be wrong. The native sshd pays attention to the plist file, only.







share|improve this answer












share|improve this answer



share|improve this answer










answered Feb 10 '11 at 15:23









Warren Young

53.7k8140144




53.7k8140144







  • 1




    Well, it did work. I owe you one. Thank you for your clear description and time!
    – Pierre Guilbert
    Feb 10 '11 at 15:41






  • 1




    The ports for the sshd that is bundled with Mac OS X can not be configured through /etc/sshd_config because the bundled sshd is launched in “inetd mode”. In this mode sshd expects stdin and stdout to be already connected to the client, so it has no say over what port or protocols are used to listen for and accept clients. /etc/sshd_config is still effective for configuring other aspects of the default sshd. The plist file for the MacPorts sshd does not use “inetd mode”, so the ports for that sshd can be configured in its configuration file (/opt/local/etc/ssh/sshd_config).
    – Chris Johnsen
    Feb 11 '11 at 3:22






  • 1




    Thanks for the explanation, Chris. I didn't mean to imply that the native sshd ignored everything in sshd_config, only the Port setting. I like to turn off PermitRootLogin and PasswordAuthentication in mine on any host I've got port-forwarded to the Internet. Using a different port number is part of that securing process. It's merely "security through obscurity", but it does cut down on a whole lot of bot attack traffic nevertheless.
    – Warren Young
    Feb 11 '11 at 13:29













  • 1




    Well, it did work. I owe you one. Thank you for your clear description and time!
    – Pierre Guilbert
    Feb 10 '11 at 15:41






  • 1




    The ports for the sshd that is bundled with Mac OS X can not be configured through /etc/sshd_config because the bundled sshd is launched in “inetd mode”. In this mode sshd expects stdin and stdout to be already connected to the client, so it has no say over what port or protocols are used to listen for and accept clients. /etc/sshd_config is still effective for configuring other aspects of the default sshd. The plist file for the MacPorts sshd does not use “inetd mode”, so the ports for that sshd can be configured in its configuration file (/opt/local/etc/ssh/sshd_config).
    – Chris Johnsen
    Feb 11 '11 at 3:22






  • 1




    Thanks for the explanation, Chris. I didn't mean to imply that the native sshd ignored everything in sshd_config, only the Port setting. I like to turn off PermitRootLogin and PasswordAuthentication in mine on any host I've got port-forwarded to the Internet. Using a different port number is part of that securing process. It's merely "security through obscurity", but it does cut down on a whole lot of bot attack traffic nevertheless.
    – Warren Young
    Feb 11 '11 at 13:29








1




1




Well, it did work. I owe you one. Thank you for your clear description and time!
– Pierre Guilbert
Feb 10 '11 at 15:41




Well, it did work. I owe you one. Thank you for your clear description and time!
– Pierre Guilbert
Feb 10 '11 at 15:41




1




1




The ports for the sshd that is bundled with Mac OS X can not be configured through /etc/sshd_config because the bundled sshd is launched in “inetd mode”. In this mode sshd expects stdin and stdout to be already connected to the client, so it has no say over what port or protocols are used to listen for and accept clients. /etc/sshd_config is still effective for configuring other aspects of the default sshd. The plist file for the MacPorts sshd does not use “inetd mode”, so the ports for that sshd can be configured in its configuration file (/opt/local/etc/ssh/sshd_config).
– Chris Johnsen
Feb 11 '11 at 3:22




The ports for the sshd that is bundled with Mac OS X can not be configured through /etc/sshd_config because the bundled sshd is launched in “inetd mode”. In this mode sshd expects stdin and stdout to be already connected to the client, so it has no say over what port or protocols are used to listen for and accept clients. /etc/sshd_config is still effective for configuring other aspects of the default sshd. The plist file for the MacPorts sshd does not use “inetd mode”, so the ports for that sshd can be configured in its configuration file (/opt/local/etc/ssh/sshd_config).
– Chris Johnsen
Feb 11 '11 at 3:22




1




1




Thanks for the explanation, Chris. I didn't mean to imply that the native sshd ignored everything in sshd_config, only the Port setting. I like to turn off PermitRootLogin and PasswordAuthentication in mine on any host I've got port-forwarded to the Internet. Using a different port number is part of that securing process. It's merely "security through obscurity", but it does cut down on a whole lot of bot attack traffic nevertheless.
– Warren Young
Feb 11 '11 at 13:29





Thanks for the explanation, Chris. I didn't mean to imply that the native sshd ignored everything in sshd_config, only the Port setting. I like to turn off PermitRootLogin and PasswordAuthentication in mine on any host I've got port-forwarded to the Internet. Using a different port number is part of that securing process. It's merely "security through obscurity", but it does cut down on a whole lot of bot attack traffic nevertheless.
– Warren Young
Feb 11 '11 at 13:29


















 

draft saved


draft discarded















































 


draft saved


draft discarded














StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f7197%2fi-cant-ssh-on-localhost-at-a-certain-port-on-os-x%23new-answer', 'question_page');

);

Post as a guest
































































-

Popular posts from this blog

How to check contact read email or not when send email to Individual?

Image
Clash Royale CLAN TAG #URR8PPP up vote 1 down vote favorite I'm using WordPress 4.9.8, CiviCRM to 5.5.1, I usually send email to contact by Search> Find contacts View contact details Action> Send email Send email ok, Contact received mail ok like picture But status only Email sent though contact read email or not. So, can CiviCRM can change status to Email read when contact read email? wordpress email share | improve this question asked Sep 26 at 0:12 ToanLuong 49 9 add a comment  |  up vote 1 down vote favorite I'm using WordPress 4.9.8, CiviCRM to 5.5.1, I usually send email to contact by Search> Find contacts View contact details Action> Send email Send email ok, Contact received mail ok like picture But status only Email sent though contact read email or not. So, can CiviCRM can change status to Email read when contact read email? wordpress email share | improve this question asked Se
Read more

Displaying single band from multi-band raster using QGIS

Image
Clash Royale CLAN TAG #URR8PPP 1 How can I extract a single band from multi-band raster in QGIS? I have an remote sensed image which has 6 bands (including NDVI band), I want to display each band separately, but have no idea how to do. I have seen some questions similar here but none worked for me. The original image (has 6 bands) is: I want to display the band 6 which should be like this: But I tried gdal_translate, and couldn't get the correct result. What I have got is: qgis raster multi-band share | improve this question edited Mar 5 at 0:53 Summer asked Mar 4 at 6:42 Summer Summer 23 6 Is this any help gis.stackexchange.com/questions/220658/… ? if not gis.stackexchange.com/questions/62133/… might help. – Michael Stimson Mar 4 at 6:46 Thanks for answering but when I used gdal_translate, qgis showed that 'Error 4: Kayena.tif: No such file or directory". Would you know how to fix it? –
Read more

How many registers does an x86_64 CPU actually have?

Image
Clash Royale CLAN TAG #URR8PPP up vote 2 down vote favorite I am currently learning reverse engineering and am studying the flags register. I had in my mind that rflags was just another name for one of the 16 general purpose registers, for example rax or rbx . But it looks like rflags is actually an additional register. So that makes 17 registers in total... how many more could there be? I have spent at least an hour on this and found numerous different answers. The best answer so far is this, which says that there are 40 registers in total. 16 General Purpose Registers 2 Status Registers 6 Code Segment Registers 16 SSE Registers 8 FPU/MMX Registers But if I add that up, I get 48. Could anybody provide an official answer on how many registers an x86_64 CPU has (e.g. an Intel i7). Additionally, I have seen references to 'hardware' and 'architectural' registers. What are those registers and how many are there? register x86-64 share | improve this
Read more