I take advantage of SSH extensively for communication between methods inside a non-public community (192.xxx). Now it’s crucial to permit solely some features (notably SCP) with a few exterior world servers. So, persevering with to make use of port 22 internally, I wish to arrange a extra restricted SSH server (say on port 10022) to entry from the Web (sure, I’m conscious of the dangers and take accountability if every little thing falls aside).
I do not see that query addressed right here on Ask Totally different(ly). I see there’s a /and many others/ssh/sshd_config file and it seems to be fairly customary… is it only a matter of duplicating and modifying it, and doing the identical with a plist? If that’s the case, the place would I discover that plist?
(I discovered /System/Library/LaunchDaemons/ssh.plist however it says it is disabled. I additionally discovered /System/Library/LaunchAgents/com.openssh.ssh-agent.plist however I am unsure that is appropriate both, particularly because it’s within the Listing of Brokers (not Daemons).
At the moment, the energetic traces in /and many others/ssh/sshd_config_alt are:
Port xxxxx
SyslogFacility AUTH
LogLevel INFO
PubkeyAuthentication sure
AuthorizedKeysFile .ssh/authorized_keys
PasswordAuthentication no
AllowAgentForwarding no
AllowTcpForwarding no
PermitTTY no
PermitUserEnvironment no
ForceCommand internal-sftp
That is what occurs when an individual tries to attach by way of SSH to that system.
> ssh -p nnnnn macstudio
PTY allocation request failed on channel 0
This service permits sftp connections solely.
Connection to macstudio closed.
After all, the modified port 22 /and many others/ssh/sshd_config file limits incoming connections to the native community.
