?
Solved

How to find  ssh port on Linux box

Posted on 2011-03-01
15
Medium Priority
?
760 Views
Last Modified: 2012-05-11
Very quick question  I had last night when using nmap.  Lets say  SSH is confgigured to listen on  another port than 22, is  it possible to detect what port ssh is listening to?
0
Comment
Question by:maxalarie
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 8
  • 4
  • 3
15 Comments
 
LVL 40

Expert Comment

by:omarfarid
ID: 35009089
you can use netstat to find out
0
 
LVL 2

Author Comment

by:maxalarie
ID: 35009131
Nerstat will tell me what ports are used, but how will I know which one is SSH?
0
 
LVL 40

Expert Comment

by:omarfarid
ID: 35009165
I do not have a system to test the command, but is the output of

netstat -na | grep -i list
0
Veeam Task Manager for Hyper-V

Task Manager for Hyper-V provides critical information that allows you to monitor Hyper-V performance by displaying real-time views of CPU and memory at the individual VM-level, so you can quickly identify which VMs are using host resources.

 
LVL 2

Author Comment

by:maxalarie
ID: 35009200
Thanks, but that does not really help me..  Netstat tells  you which port are open on the remote machine , which is good. But it does not tell you what port is used for ssh, when ssh is configured on a non STD port.  Maybe what i'm asking is impossible. It would be a breach of security.
0
 
LVL 40

Expert Comment

by:omarfarid
ID: 35009241
is your question for ssh port on the local system or on the remote system?
0
 
LVL 16

Expert Comment

by:medvedd
ID: 35009558
On local system, find your sshd process number and use lsof:

lsof -p xxxx | grep LISTEN

where xxxx - process number of sshd.

If you are trying to find ssh port on remote system, use nmap:

nmap -sV <hostname/ip>
0
 
LVL 2

Author Comment

by:maxalarie
ID: 35009767
Ok,
Here is what  I want to do.

I have a domain  on the Internet,    SSH is configured to listen  on a non standard port. I just want to make sure that this port is not listed  when a port scanner tool is used.  The ipadress of my domain is: 75.98.164.221

the ssh port is not displayed when I use nmap. Only the default one is listed as closed.  What i find strange is that some other port  is listed as unknown: 55555.  My ssh port is way below that port number and is not getting listed by nmap.. I just wondering why
0
 
LVL 16

Expert Comment

by:medvedd
ID: 35010322
If port is open to the world, it should be listed by nmap.
Does ssh is working on this port? I mean, can you ssh from outside to this
computer/port?
0
 
LVL 2

Author Comment

by:maxalarie
ID: 35010341
Absolutely, i can ssh to it.  But the post is not listed by nmap.
0
 
LVL 16

Expert Comment

by:medvedd
ID: 35010723
It's very strange. If you are ssh'ing from the same computer, nmap should list something like this:

2424/tcp open  ssh     OpenSSH 4.3 (protocol 2.0)

Do you have any firewalls between nmap and target host?
0
 
LVL 2

Author Comment

by:maxalarie
ID: 35010749
I can  install nmap on the server since its  a remote cpanel hosting. But at the moment, and I am a little bit ashamed to admii it.. There is a firewall between the 2 machines..  

I will test with another server and get back..  

I cant believe I didnt think of that..
0
 
LVL 2

Author Comment

by:maxalarie
ID: 35010789
The nmap return this:

Starting Nmap 5.00 ( http://nmap.org ) at 2011-03-01 19:17 UTC
Interesting ports on 75.98.164.221.static.a2webhosting.com (75.98.164.221):
Not shown: 984 filtered ports
PORT      STATE  SERVICE   VERSION
21/tcp    open   ftp       PureFTPd
22/tcp    closed ssh
25/tcp    open   smtp      Exim smtpd 4.69
53/tcp    open   domain
80/tcp    open   http      Apache httpd
110/tcp   open   pop3
125/tcp   closed locus-map
143/tcp   open   imap      Dovecot imapd
161/tcp   closed snmp
443/tcp   open   http      Apache httpd
465/tcp   open   smtps?
993/tcp   open   ssl/imap  Dovecot imapd
995/tcp   open   ssl/pop3
2041/tcp  closed interbase
2525/tcp  open   smtp      Exim smtpd 4.69


my ssh port is configured on port 7822 and its not listed here.
0
 
LVL 16

Accepted Solution

by:
medvedd earned 2000 total points
ID: 35010885
nmap  -PN -sV -p 7000-8000 75.98.164.221

PORT     STATE SERVICE VERSION
7822/tcp open  ssh     OpenSSH 5.5 (protocol 2.0)

By default, Nmap scans the most common 1,000 ports for each protocol,
so your port was not in the scan.
0
 
LVL 2

Author Comment

by:maxalarie
ID: 35010933
ok.

thank you very much.
0
 
LVL 2

Author Closing Comment

by:maxalarie
ID: 35010938
Thank you
0

Featured Post

Portable, direct connect server access

The ATEN CV211 connects a laptop directly to any server allowing you instant access to perform data maintenance and local operations, for quick troubleshooting, updating, service and repair.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I have seen several blogs and forum entries elsewhere state that because NTFS volumes do not support linux ownership or permissions, they cannot be used for anonymous ftp upload through the vsftpd program.   IT can be done and here's how to get i…
Note: for this to work properly you need to use a Cross-Over network cable. 1. Connect both servers S1 and S2 on the second network slots respectively. Note that you can use the 1st slots but usually these would be occupied by the Service Provide…
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…

764 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question