Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

How to find  ssh port on Linux box

Posted on 2011-03-01
15
738 Views
Last Modified: 2012-05-11
Very quick question  I had last night when using nmap.  Lets say  SSH is confgigured to listen on  another port than 22, is  it possible to detect what port ssh is listening to?
0
Comment
Question by:maxalarie
  • 8
  • 4
  • 3
15 Comments
 
LVL 40

Expert Comment

by:omarfarid
ID: 35009089
you can use netstat to find out
0
 
LVL 2

Author Comment

by:maxalarie
ID: 35009131
Nerstat will tell me what ports are used, but how will I know which one is SSH?
0
 
LVL 40

Expert Comment

by:omarfarid
ID: 35009165
I do not have a system to test the command, but is the output of

netstat -na | grep -i list
0
Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

 
LVL 2

Author Comment

by:maxalarie
ID: 35009200
Thanks, but that does not really help me..  Netstat tells  you which port are open on the remote machine , which is good. But it does not tell you what port is used for ssh, when ssh is configured on a non STD port.  Maybe what i'm asking is impossible. It would be a breach of security.
0
 
LVL 40

Expert Comment

by:omarfarid
ID: 35009241
is your question for ssh port on the local system or on the remote system?
0
 
LVL 16

Expert Comment

by:medvedd
ID: 35009558
On local system, find your sshd process number and use lsof:

lsof -p xxxx | grep LISTEN

where xxxx - process number of sshd.

If you are trying to find ssh port on remote system, use nmap:

nmap -sV <hostname/ip>
0
 
LVL 2

Author Comment

by:maxalarie
ID: 35009767
Ok,
Here is what  I want to do.

I have a domain  on the Internet,    SSH is configured to listen  on a non standard port. I just want to make sure that this port is not listed  when a port scanner tool is used.  The ipadress of my domain is: 75.98.164.221

the ssh port is not displayed when I use nmap. Only the default one is listed as closed.  What i find strange is that some other port  is listed as unknown: 55555.  My ssh port is way below that port number and is not getting listed by nmap.. I just wondering why
0
 
LVL 16

Expert Comment

by:medvedd
ID: 35010322
If port is open to the world, it should be listed by nmap.
Does ssh is working on this port? I mean, can you ssh from outside to this
computer/port?
0
 
LVL 2

Author Comment

by:maxalarie
ID: 35010341
Absolutely, i can ssh to it.  But the post is not listed by nmap.
0
 
LVL 16

Expert Comment

by:medvedd
ID: 35010723
It's very strange. If you are ssh'ing from the same computer, nmap should list something like this:

2424/tcp open  ssh     OpenSSH 4.3 (protocol 2.0)

Do you have any firewalls between nmap and target host?
0
 
LVL 2

Author Comment

by:maxalarie
ID: 35010749
I can  install nmap on the server since its  a remote cpanel hosting. But at the moment, and I am a little bit ashamed to admii it.. There is a firewall between the 2 machines..  

I will test with another server and get back..  

I cant believe I didnt think of that..
0
 
LVL 2

Author Comment

by:maxalarie
ID: 35010789
The nmap return this:

Starting Nmap 5.00 ( http://nmap.org ) at 2011-03-01 19:17 UTC
Interesting ports on 75.98.164.221.static.a2webhosting.com (75.98.164.221):
Not shown: 984 filtered ports
PORT      STATE  SERVICE   VERSION
21/tcp    open   ftp       PureFTPd
22/tcp    closed ssh
25/tcp    open   smtp      Exim smtpd 4.69
53/tcp    open   domain
80/tcp    open   http      Apache httpd
110/tcp   open   pop3
125/tcp   closed locus-map
143/tcp   open   imap      Dovecot imapd
161/tcp   closed snmp
443/tcp   open   http      Apache httpd
465/tcp   open   smtps?
993/tcp   open   ssl/imap  Dovecot imapd
995/tcp   open   ssl/pop3
2041/tcp  closed interbase
2525/tcp  open   smtp      Exim smtpd 4.69


my ssh port is configured on port 7822 and its not listed here.
0
 
LVL 16

Accepted Solution

by:
medvedd earned 500 total points
ID: 35010885
nmap  -PN -sV -p 7000-8000 75.98.164.221

PORT     STATE SERVICE VERSION
7822/tcp open  ssh     OpenSSH 5.5 (protocol 2.0)

By default, Nmap scans the most common 1,000 ports for each protocol,
so your port was not in the scan.
0
 
LVL 2

Author Comment

by:maxalarie
ID: 35010933
ok.

thank you very much.
0
 
LVL 2

Author Closing Comment

by:maxalarie
ID: 35010938
Thank you
0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

I have seen several blogs and forum entries elsewhere state that because NTFS volumes do not support linux ownership or permissions, they cannot be used for anonymous ftp upload through the vsftpd program.   IT can be done and here's how to get i…
Note: for this to work properly you need to use a Cross-Over network cable. 1. Connect both servers S1 and S2 on the second network slots respectively. Note that you can use the 1st slots but usually these would be occupied by the Service Provide…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…

861 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question