Port 22: What's Using It and Is It Safe to Close?

Port 22 is the standard port for SSH, the protocol for encrypted remote login and secure file transfer (SFTP runs over it too). On a Mac, port 22 is only listening if you’ve turned on Remote Login.

What typically listens on port 22

• macOS Remote Login: Enabling System Settings > General > Sharing > Remote Login starts Apple’s built-in sshd on port 22.
• Third-party SSH servers: Less common on macOS, but some setups install their own.
• SFTP: Secure file transfer uses the same SSH service and port.

Unlike a dev server, this is a real system service managed by launchd.

Is it safe to close?

Don’t kill the process directly. macOS supervises sshd through launchd, so it will respawn, and force-killing it can drop active sessions abruptly. If your goal is to close port 22, turn the feature off properly:

System Settings > General > Sharing > Remote Login (toggle off).

That stops the listener cleanly and keeps it from coming back.

Is it suspicious?

If you intentionally enabled Remote Login, an open 22 is expected. If you didn’t, investigate: a listening SSH server you never set up is a real concern. Check whether Remote Login is on in Sharing, and confirm the listening process is the system sshd and not something unfamiliar.

An SSH port exposed to the internet is one of the most scanned targets there is. If you keep it open, use key-based authentication rather than passwords.

How to find what’s on port 22 on macOS

lsof -i :22

You’ll typically see sshd owned by root. To check whether Remote Login is the source, look in Sharing settings rather than killing the process.

Portie lists port 22 with its owning process in real time, so you can confirm whether SSH is actually listening and whether it’s the expected system service.