Enabling SSH Service in macOS: Resolving Port 22 Connection Refused Issues

Problem Context and Diagnosis

When configuring local development environments on macOS systems, users frequently encounter SSH connection failures. The typical error message appears as: ssh: connect to host localhost port 22: Connection refused. This situation commonly occurs when attempting to establish SSH connections to the localhost, even after properly generating SSH key pairs and configuring authorized key files.

Root Cause Analysis

Although macOS operating systems come pre-installed with both SSH client and server components, the SSH daemon (sshd) is disabled by default for security reasons. This means that even if port 22 appears open in firewall rules, no service process is actively listening for connection requests on that port. This design decision reduces the system's potential attack surface but requires users to explicitly enable the service before use.

Solution Implementation

To enable SSH services, users must configure the system through System Preferences. The specific operational steps are as follows:

1. Open the System Preferences application
2. In macOS 10.6.7 and earlier versions, locate the Sharing panel under the Internet & Networking category
3. In newer macOS versions (Yosemite and later), the Sharing panel has been moved to the main System Preferences interface
4. Within the Sharing settings interface, check the Remote Login option
5. The system will immediately start the SSH daemon and display available connection information at the bottom of the panel

Configuration Verification and Testing

After enabling remote login functionality, the following verification steps are recommended:

# Test SSH connection
ssh localhost

# Check SSH service status
sudo systemsetup -getremotelogin

# Verify port listening status
netstat -an | grep 22

# Perform port scanning using network utilities
# Confirm that port 22 now shows as open

Key Configuration Considerations

While enabling SSH service is crucial for resolving connection issues, proper key configuration remains equally important. Users should ensure:

• Generating appropriate key pairs (such as RSA or ECDSA) using the ssh-keygen command
• Correctly appending public keys to the ~/.ssh/authorized_keys file
• Setting appropriate file permissions (700 for ~/.ssh directory, 600 for key files)

Handling System Version Differences

Different macOS versions exhibit variations in System Preferences interface layouts. For OS X Yosemite (10.10) and newer versions, users need to locate the Sharing icon directly on the main System Preferences interface, rather than accessing it through the Internet & Networking category. This interface change reflects Apple's redesign of system settings organization while maintaining core functionality.

Security Considerations and Best Practices

After enabling SSH services, implementing the following security measures is recommended:

• Consider changing the default SSH port to reduce risks from automated attacks
• Configure firewall rules to restrict SSH access source IP addresses
• Regularly update system and SSH packages to patch security vulnerabilities
• Utilize strong passwords or key-based authentication, avoiding weak passwords
• Monitor SSH connection attempts in system logs

Troubleshooting Guide

If SSH connections cannot be established after following the above steps, consider the following troubleshooting directions:

1. Check system firewall settings to ensure no rules are blocking port 22 traffic
2. Verify whether the SSH daemon is running: ps aux | grep sshd
3. Examine system logs for detailed error information: sudo tail -f /var/log/system.log
4. Attempt connection tests using both localhost and 127.0.0.1 addresses
5. Ensure no other applications are occupying port 22