The existing version of openssh on OS X 10.7.4 is SSH-2.0-OpenSSH_5.6, which is not, unfortunately, PCI Compliant. So, I need to upgrade it and I have been trying to do so with Homebrew.
So far, what I've done is:
brew tap homebrew/dupes
brew install openssh
No problem, all went well, and now when I try `which ssh` I get:
/usr/local/bin/ssh
Which seems fine, also `which sshd` gives:
/usr/local/sbin/sshd
and `ssh -v` duly reports:
OpenSSH_5.9p1, OpenSSL 0.9.8r 8 Feb 2011
So far so good. But here's where I'm out of my element. Port 22 is still using the OS installed version, which is to say that `telnet hostname 22` reports:
SSH-2.0-OpenSSH_5.6
I've tried mucking around with /System/Library/LaunchDaemons/ssh.plist with no luck.
So, my questions are (probably in reverse order of importance):
- How do I get my Homebrew installation of openssh to be the one listening on port 22?
- If I do, will this cause any conflicts with OS X or other software?
- Is the way I'm going about this a reasonable one in the first place?
- Am I not thinking about things that I should be?
- Is this a terrible idea to begin with?
I'm frustrated about not passing the PCI Compliance scan and need to get this figured out, and frankly I'm considering changing all the e-commerce websites on my server over to stripe.com, but I would like to get this figured out. Also, does anyone know if openssh will be upgraded in Mountain Lion?
Edit: Here's what I've been trying in /System/Library/LaunchDaemons/ssh.plist:
I've only edited one line, changing:
<string>/usr/sbin/sshd</string>
To
<string>/usr/local/sbin/sshd</string>
And then I tried `sudo kill -HUP 1` as suggested by @the-paul below, as well as restarting the Mac.
Telnetting in from a remote still shows SSH-2.0-OpenSSH_5.6
My whole ssh.plist file now looks like this: http://pastie.org/private/qnhofuxomawjdypp9wgaq
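The comparison the question does by hand (the banner on port 22 against the version string of the binary on the PATH) can be scripted. This is an added example, not part of the original post; the function names are assumptions, and it compares only major.minor because the banner quoted above carries no `p` suffix.

```python
import re
import socket

# RFC 4253 section 4.2: SSH-protoversion-softwareversion [SP comments]
BANNER_RE = re.compile(r"^SSH-([^-\s]+)-(\S+)(?: .*)?$")
OPENSSH_RE = re.compile(r"OpenSSH_(\d+)\.(\d+)(?:\.(\d+))?(?:p(\d+))?")


def openssh_version(text):
    """Return (major, minor, patch, portable) from text containing OpenSSH_x.y[pN]."""
    m = OPENSSH_RE.search(text)
    return tuple(int(g) if g else 0 for g in m.groups()) if m else None


def parse_banner(line):
    """Split a server identification line into (protocol, software)."""
    m = BANNER_RE.match(line.strip())
    if not m:
        raise ValueError("not an SSH identification string: %r" % line)
    return m.group(1), m.group(2)


def read_banner(host, port=22, timeout=5.0):
    """Read the identification line the listening daemon sends on connect."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        stream = sock.makefile("rb")
        for _ in range(20):  # the server may send other lines before SSH-
            line = stream.readline(256)
            if not line:
                break
            if line.startswith(b"SSH-"):
                return line.decode("ascii", "replace").strip()
    raise RuntimeError("no SSH banner received from %s:%d" % (host, port))


def daemon_matches(banner, local_version_output):
    """True when the daemon on the port reports the local binary's major.minor."""
    served = openssh_version(parse_banner(banner)[1])
    local = openssh_version(local_version_output)
    if served is None or local is None:
        return False  # not OpenSSH, or an unparseable version string
    return served[:2] == local[:2]


if __name__ == "__main__":
    # Strings quoted in the question; for a live check use read_banner("hostname").
    print(daemon_matches("SSH-2.0-OpenSSH_5.6",
                         "OpenSSH_5.9p1, OpenSSL 0.9.8r 8 Feb 2011"))
```

Run after each change to the launchd configuration, a `False` result means port 22 is still served by a different build than the one on the PATH.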