Server Configuration

OpenSSH requires that users be in the ssh-users group to login.

A public key is recommended, but not required.

# A barebones sshd_config
PermitRootLogin no
PasswordAuthentication no
UsePAM no
PrintMotd no
PrintLastLog no
Subsystem       sftp    /usr/lib64/misc/sftp-server
AllowGroups ssh-users

User Configuration

Don't hash known_hosts so that bash completion will work. Add to ~/.ssh/config:

HashKnownHosts no

Decide which public key to use. Also see this.

IdentityFile ~/.ssh/id_rsa


SSHD must be enabled in System Preferences > Sharing with service Remote Login enabled. A firewall rule must allow access on port 22 as well, which can be setup in System Preferences > Security > Firewall > Advanced with the following configuration:

  • Block all incoming connections (unchecked)
  • Remote Login (SSH) - Allow incoming connections

The config file for OS X for SSHD is located at /etc/sshd_config

Add these lines to the config file:

PermitRootLogin no
PasswordAuthentication no
UsePAM no
AllowUsers <user-name>

Then restart the SSH server manually from Terminal:

launchctl stop com.openssh.sshd
launchctl start com.openssh.sshd

Building from Source

Use the local copy of OpenSSL:

./configure --with-ssl-dir=/usr/local

If looking for ssh-copy-id, it will be in the contrib directory.