This is by far the preferred method - it does not mess with OSX system files, and survives O/S updates. It can of course be used for any Linux/UNIX host, since socat runs on all of them. You're done and your mac os x system files are left unchanged. In addition, this method works on all versions of Mac OS X and also on any machine on which socat may run. The last thing you need to do if you use a router/firewall is to include the correct redirect commands in your router/firewall. Also, it avoids getting stuck into the debate whether the ssh.plist method, the services method or the whatever method is better, more elegant or worse than the other. You may also easily prepare a script that runs at start up to rebuild the socat redirection each you restart your machine. Place this inÂ
Use In addition, you can also improve security by (i) setting your firewall to block any connections to your port 22 from any other interface than the loopback (127.0.0.1) and (ii) make a similar change in your sshd.conf file to have ssh listen on the loopback only. NOTE: You'll note when doing an nmap including the higher ports, that this service is active on your designated port, as well as on the original port 22. This is intentional and normal. The idea is that you forward only the higher port on your router. The other port 22 still operates as normal on your local subnet. (nmap -p- will scan all ports - could take a long time, so be patient) |
Home‎ > ‎Server config‎ > ‎