The ssh from Ventura 13.3.1 is rather old (OpenSSH_9.0p1); the version I installed from Homebrew is OpenSSH_9.3p1.

The problem is: How can I achieve that sshd from Homebrew is run on startup instead of that of Ventura?

I did some digging but I just can't find the .plist that runs it. Can anybody tell me the location?

I know that I have to temporarily disable SIP for the modification; that's no problem for me.

Placing a .plist in ~/Library/LaunchAgents is not an option because I want to keep port 22.

Christoph
  • It doesn't run from startup. macOS has an inetd-like facility through launchd that starts sshd as appropriate. Question... why do you need to run the one from Homebrew? – Marc Wilson Apr 09 '23 at 14:48
  • @Marc Wilson: I just don't like using outdated software. Do you mean it isn't started directly by launchd but by another daemon? – Christoph Apr 09 '23 at 15:38
  • Obviously, launchd is the parent of sshd. – Christoph Apr 09 '23 at 15:46
  • launchd is the parent of sshd? That is not correct. launchd manages the starting of daemons and agents much like the old rc.d in FreeBSD or inetd for Linux or the SMF framework in Solaris. It just launches jobs, sshd is not dependent nor a child process of it. – Allan Apr 09 '23 at 16:12
  • See this post for a brief primer on launchd and creating a .plist – Allan Apr 09 '23 at 16:15
  • Doesn't disabling remote login prevent the standard sshd from starting (and attaching to port 22)? – nohillside Apr 09 '23 at 16:24
  • @Allan: And what about this? Process: sshd [8738] Path: /usr/sbin/sshd Load Address: 0x10c5f3000 Identifier: sshd Version: 282.100.6 Code Type: X86-64 Platform: macOS Parent Process: launchd [1] BTW: I merely know systemd from Linux. Thanks for the link. – Christoph Apr 09 '23 at 16:38
  • @nohillside: A program must run as root to access port 22. I've created a .plist in ~/Library/LaunchAgents for /usr/local/sbin/sshd, but this way, it is run under my account and thus cannot access port 22. – Christoph Apr 09 '23 at 16:42
  • Poor wording on Apple's choice. You can kill launchd and everything will continue to run. launchd was just the bootstrapper. If you want to run it as root and have it available at all times like the native sshd, you need to create a LaunchDaemon. – Allan Apr 09 '23 at 16:51
  • @Allan: Thank you for the clarification! – Christoph Apr 09 '23 at 16:55
  • If you want to have it run as root, put it into /Library/LaunchDaemons. – nohillside Apr 09 '23 at 17:04
  • I'm still wondering why you need to replace it. sshd is started by /System/Library/LaunchDaemons/ssh.plist when something accesses port 22 via tcp. – Marc Wilson Apr 09 '23 at 17:23
  • @MarcWilson See https://www.openssh.com/releasenotes.html for the differences between OpenSSH_9.0p1 and OpenSSH_9.3p1. I can understand the intention to have a more recent version of OpenSSH than the one provided by Apple. – nohillside Apr 09 '23 at 17:41
  • @MarcWilson: Thanks for pointing out; I found it myself in the meantime. It calls /usr/libexec/sshd-keygen-wrapper which checks if host keys are present and if not, it creates them and then calls /usr/sbin/sshd. Totally unnecessary to check this each time a connection is made, so by replacing /usr/libexec/sshd-keygen-wrapper with /usr/local/sbin/sshd, you not only get the most recent version, but also avoid that stupid check. – Christoph Apr 09 '23 at 18:08
  • @nohillside: Thanks for backing my stance. As a Debian testing user, I get daily upgrades. And you are right, I like to have things under control instead of relying on Apple. – Christoph Apr 09 '23 at 18:18
  • Seems as if you have the details figured out now. Can you post an answer summarizing the steps required to use a non-Apple sshd? – nohillside Apr 09 '23 at 18:20
  • @nohillside: I'd really like to, but even though I've disabled SIP, vi doesn't let me save my changes to ssh.plist. Any advice? Of course, I ran it with sudo. – Christoph Apr 09 '23 at 19:10
  • Obviously, Apple has changed sth. since Catalina. Disabling SIP doesn't suffice anymore. This is really annoying, but typical for Apple. I'm investigating this. – Christoph Apr 09 '23 at 19:23
  • You might wanna look up what SSV is. – nohillside Apr 09 '23 at 20:28

0 Answers
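
The LaunchDaemon route suggested in the comments, sketched as an added example (not posted by anyone in the thread and not Apple's own ssh.plist): a job file placed in /Library/LaunchDaemons that lets launchd hold port 22 and hand each connection to the Homebrew sshd. The label and file name are hypothetical, and it assumes Remote Login is switched off so Apple's job is not bound to the port and that host keys already exist for the Homebrew sshd, since /usr/libexec/sshd-keygen-wrapper is no longer involved.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<!-- Hypothetical file: /Library/LaunchDaemons/local.homebrew.sshd.plist
     launchd only loads daemon plists owned by root and not writable by group/other. -->
<plist version="1.0">
<dict>
    <!-- Hypothetical label; it must be unique and must not reuse the label of Apple's job -->
    <key>Label</key>
    <string>local.homebrew.sshd</string>

    <!-- Binary path as given in the thread; -i tells sshd it is run inetd-style,
         one process per connection, talking over stdin/stdout -->
    <key>ProgramArguments</key>
    <array>
        <string>/usr/local/sbin/sshd</string>
        <string>-i</string>
    </array>

    <!-- launchd, running as root, owns the listening socket for the "ssh" service (port 22) -->
    <key>Sockets</key>
    <dict>
        <key>Listeners</key>
        <dict>
            <key>SockServiceName</key>
            <string>ssh</string>
        </dict>
    </dict>

    <!-- Accept each connection in launchd and start a fresh sshd for it (inetd "nowait") -->
    <key>inetdCompatibility</key>
    <dict>
        <key>Wait</key>
        <false/>
    </dict>

    <!-- Keep stray stderr output out of the SSH connection -->
    <key>StandardErrorPath</key>
    <string>/dev/null</string>
</dict>
</plist>
```

Because /Library/LaunchDaemons is not part of the sealed system volume, this leaves /System/Library/LaunchDaemons/ssh.plist untouched and needs no change to SIP.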