Solved

How to find  ssh port on Linux box

Posted on 2011-03-01
15
741 Views
Last Modified: 2012-05-11
Very quick question  I had last night when using nmap.  Lets say  SSH is confgigured to listen on  another port than 22, is  it possible to detect what port ssh is listening to?
0
Comment
Question by:maxalarie
  • 8
  • 4
  • 3
15 Comments
 
LVL 40

Expert Comment

by:omarfarid
ID: 35009089
you can use netstat to find out
0
 
LVL 2

Author Comment

by:maxalarie
ID: 35009131
Nerstat will tell me what ports are used, but how will I know which one is SSH?
0
 
LVL 40

Expert Comment

by:omarfarid
ID: 35009165
I do not have a system to test the command, but is the output of

netstat -na | grep -i list
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 2

Author Comment

by:maxalarie
ID: 35009200
Thanks, but that does not really help me..  Netstat tells  you which port are open on the remote machine , which is good. But it does not tell you what port is used for ssh, when ssh is configured on a non STD port.  Maybe what i'm asking is impossible. It would be a breach of security.
0
 
LVL 40

Expert Comment

by:omarfarid
ID: 35009241
is your question for ssh port on the local system or on the remote system?
0
 
LVL 16

Expert Comment

by:medvedd
ID: 35009558
On local system, find your sshd process number and use lsof:

lsof -p xxxx | grep LISTEN

where xxxx - process number of sshd.

If you are trying to find ssh port on remote system, use nmap:

nmap -sV <hostname/ip>
0
 
LVL 2

Author Comment

by:maxalarie
ID: 35009767
Ok,
Here is what  I want to do.

I have a domain  on the Internet,    SSH is configured to listen  on a non standard port. I just want to make sure that this port is not listed  when a port scanner tool is used.  The ipadress of my domain is: 75.98.164.221

the ssh port is not displayed when I use nmap. Only the default one is listed as closed.  What i find strange is that some other port  is listed as unknown: 55555.  My ssh port is way below that port number and is not getting listed by nmap.. I just wondering why
0
 
LVL 16

Expert Comment

by:medvedd
ID: 35010322
If port is open to the world, it should be listed by nmap.
Does ssh is working on this port? I mean, can you ssh from outside to this
computer/port?
0
 
LVL 2

Author Comment

by:maxalarie
ID: 35010341
Absolutely, i can ssh to it.  But the post is not listed by nmap.
0
 
LVL 16

Expert Comment

by:medvedd
ID: 35010723
It's very strange. If you are ssh'ing from the same computer, nmap should list something like this:

2424/tcp open  ssh     OpenSSH 4.3 (protocol 2.0)

Do you have any firewalls between nmap and target host?
0
 
LVL 2

Author Comment

by:maxalarie
ID: 35010749
I can  install nmap on the server since its  a remote cpanel hosting. But at the moment, and I am a little bit ashamed to admii it.. There is a firewall between the 2 machines..  

I will test with another server and get back..  

I cant believe I didnt think of that..
0
 
LVL 2

Author Comment

by:maxalarie
ID: 35010789
The nmap return this:

Starting Nmap 5.00 ( http://nmap.org ) at 2011-03-01 19:17 UTC
Interesting ports on 75.98.164.221.static.a2webhosting.com (75.98.164.221):
Not shown: 984 filtered ports
PORT      STATE  SERVICE   VERSION
21/tcp    open   ftp       PureFTPd
22/tcp    closed ssh
25/tcp    open   smtp      Exim smtpd 4.69
53/tcp    open   domain
80/tcp    open   http      Apache httpd
110/tcp   open   pop3
125/tcp   closed locus-map
143/tcp   open   imap      Dovecot imapd
161/tcp   closed snmp
443/tcp   open   http      Apache httpd
465/tcp   open   smtps?
993/tcp   open   ssl/imap  Dovecot imapd
995/tcp   open   ssl/pop3
2041/tcp  closed interbase
2525/tcp  open   smtp      Exim smtpd 4.69


my ssh port is configured on port 7822 and its not listed here.
0
 
LVL 16

Accepted Solution

by:
medvedd earned 500 total points
ID: 35010885
nmap  -PN -sV -p 7000-8000 75.98.164.221

PORT     STATE SERVICE VERSION
7822/tcp open  ssh     OpenSSH 5.5 (protocol 2.0)

By default, Nmap scans the most common 1,000 ports for each protocol,
so your port was not in the scan.
0
 
LVL 2

Author Comment

by:maxalarie
ID: 35010933
ok.

thank you very much.
0
 
LVL 2

Author Closing Comment

by:maxalarie
ID: 35010938
Thank you
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I have seen several blogs and forum entries elsewhere state that because NTFS volumes do not support linux ownership or permissions, they cannot be used for anonymous ftp upload through the vsftpd program.   IT can be done and here's how to get i…
Note: for this to work properly you need to use a Cross-Over network cable. 1. Connect both servers S1 and S2 on the second network slots respectively. Note that you can use the 1st slots but usually these would be occupied by the Service Provide…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

685 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question