Solved

How to find ssh port on Linux box

Posted on 2011-03-01
Last Modified: 2012-05-11
Very quick question I had last night when using nmap. Let's say SSH is configured to listen on another port than 22, is it possible to detect what port ssh is listening to?
0
Question by:maxalarie
15 Comments
 
LVL 40

Expert Comment

by:omarfarid
You can use netstat to find out.
0
 
LVL 2

Author Comment

by:maxalarie
Netstat will tell me what ports are used, but how will I know which one is SSH?
0
 
LVL 40

Expert Comment

by:omarfarid
I do not have a system to test the command, but is the output of

netstat -na | grep -i list
0
 
LVL 2

Author Comment

by:maxalarie
Thanks, but that does not really help me. Netstat tells you which ports are open on the remote machine, which is good. But it does not tell you what port is used for ssh when ssh is configured on a non-STD port. Maybe what I'm asking is impossible. It would be a breach of security.
0
 
LVL 40

Expert Comment

by:omarfarid
Is your question for the ssh port on the local system or on the remote system?
0
 
LVL 16

Expert Comment

by:medvedd
On local system, find your sshd process number and use lsof:

lsof -p xxxx | grep LISTEN

where xxxx - process number of sshd.

If you are trying to find ssh port on remote system, use nmap:

nmap -sV <hostname/ip>
0
 
LVL 2

Author Comment

by:maxalarie
Ok,
Here is what I want to do.

I have a domain on the Internet, SSH is configured to listen on a non-standard port. I just want to make sure that this port is not listed when a port scanner tool is used. The IP address of my domain is: 75.98.164.221

The ssh port is not displayed when I use nmap. Only the default one is listed as closed. What I find strange is that some other port is listed as unknown: 55555. My ssh port is way below that port number and is not getting listed by nmap. I'm just wondering why.
0
 
LVL 16

Expert Comment

by:medvedd
If the port is open to the world, it should be listed by nmap.
Is ssh working on this port? I mean, can you ssh from outside to this
computer/port?
0
 
LVL 2

Author Comment

by:maxalarie
Absolutely, I can ssh to it. But the port is not listed by nmap.
0
 
LVL 16

Expert Comment

by:medvedd
It's very strange. If you are ssh'ing from the same computer, nmap should list something like this:

2424/tcp open  ssh     OpenSSH 4.3 (protocol 2.0)

Do you have any firewalls between nmap and target host?
0
 
LVL 2

Author Comment

by:maxalarie
I can install nmap on the server since it's a remote cpanel hosting. But at the moment, and I am a little bit ashamed to admit it.. There is a firewall between the 2 machines..

I will test with another server and get back..

I can't believe I didn't think of that..
0
 
LVL 2

Author Comment

by:maxalarie
Nmap returns this:

Starting Nmap 5.00 ( http://nmap.org ) at 2011-03-01 19:17 UTC
Interesting ports on 75.98.164.221.static.a2webhosting.com (75.98.164.221):
Not shown: 984 filtered ports
PORT      STATE  SERVICE   VERSION
21/tcp    open   ftp       PureFTPd
22/tcp    closed ssh
25/tcp    open   smtp      Exim smtpd 4.69
53/tcp    open   domain
80/tcp    open   http      Apache httpd
110/tcp   open   pop3
125/tcp   closed locus-map
143/tcp   open   imap      Dovecot imapd
161/tcp   closed snmp
443/tcp   open   http      Apache httpd
465/tcp   open   smtps?
993/tcp   open   ssl/imap  Dovecot imapd
995/tcp   open   ssl/pop3
2041/tcp  closed interbase
2525/tcp  open   smtp      Exim smtpd 4.69


My ssh port is configured on port 7822 and it's not listed here.
0
 
LVL 16

Accepted Solution

by:
medvedd earned 500 total points
nmap  -PN -sV -p 7000-8000 75.98.164.221

PORT     STATE SERVICE VERSION
7822/tcp open  ssh     OpenSSH 5.5 (protocol 2.0)

By default, Nmap scans the most common 1,000 ports for each protocol,
so your port was not in the scan.
0
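
The accepted answer's point, as an added example that is not part of the original thread: an SSH server announces itself with an identification line beginning `SSH-` as soon as a client connects, so a version scan recognises it on whatever port it probes, and it is only missed when the port lies outside the scanned range. The sketch checks ports on a host you administer; `ssh_banner`, `find_ssh_ports` and the loopback stand-in `start_fake_sshd` are hypothetical names, and the banner it sends is constructed.

```python
import socket
import threading

def ssh_banner(host, port, timeout=2.0):
    """Return the SSH identification string sent on host:port, or None."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            data = s.recv(255)
    except OSError:
        return None  # closed, filtered, or a service that waits for the client
    # A server may send other lines before the one that starts with "SSH-".
    for line in data.splitlines():
        if line.startswith(b"SSH-"):
            return line.strip().decode("ascii", "replace")
    return None

def find_ssh_ports(host, ports):
    """Map every probed port that answers with an SSH banner to that banner."""
    found = {}
    for port in ports:
        banner = ssh_banner(host, port)
        if banner:
            found[port] = banner
    return found

def start_fake_sshd(banner=b"SSH-2.0-OpenSSH_5.5\r\n"):
    """Constructed stand-in for sshd on an OS-chosen loopback port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return  # listener was closed
            with conn:
                conn.sendall(banner)

    threading.Thread(target=serve, daemon=True).start()
    return srv, srv.getsockname()[1]

if __name__ == "__main__":
    srv, port = start_fake_sshd()
    print(find_ssh_ports("127.0.0.1", [port]))
    srv.close()
```

Moving sshd to a high port only removes it from scans limited to common ports; any probe that reaches the port reads the banner.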
 
LVL 2

Author Comment

by:maxalarie
ok.

thank you very much.
0
 
LVL 2

Author Closing Comment

by:maxalarie
Thank you
0
