How to scan local network for SSH-able computers?

Question

I am often on one computer in my house and I would like to SSH to another one, but often don't know the IP address of the one I want to connect to. Is there a way, from the command line, to scan the local network so I can find the computer I want to connect to?

If you don't know which computers are connected to **your house**'s network, I think you might have a problem... — Massimo, Apr 05 '12 at 08:31
...and how do you know you're sshing into the right one? Time to sort out your ip addresses / name lookups. — symcbean, Apr 05 '12 at 09:00
In defense of Andrew: yes, it's desirable to set unchanging IPs in the DHCP lease, and to have local names. However, consider the real-world case where I just carried a headless Ubuntu PC into the office and hooked it up. For the first connection, I wanted to find the IP without carrying a keyboard and monitor over to it. To symcbean's question, it was easy to know the correct PC based on the MAC address decoding (automatically done by nmap/Zenmap) to the motherboard manufacturer, and the operating system used. Sometimes you don't know the IP and need to find it. — Phrogz, Nov 12 '15 at 18:27
> but often don't know the IP address of the one I want to connect to Isn't this what DNS was invented for? — Chris McKeown, Apr 05 '12 at 07:37

score 108 · Answer 1 · edited Mar 29 '16 at 13:16

108

From the command line you could use:

sudo nmap -sS -p 22 192.168.10.0/24

Substitute for the local address space on your network. I sometimes use this when I plug in a headless rasberry pi and want to find where to ssh to.

edited Mar 29 '16 at 13:16

Community

1

answered Nov 12 '15 at 23:51

Joe ZzZ

1,181
2
7
2

7

Exactly one of the use-cases that lead me to ask this question. Thanks! – Andrew Nov 14 '15 at 20:27
+1 Also using for raspberry pi but: ```sudo nmap -sS -p 22 192.168.10.0/24``` – Gtx Feb 14 '16 at 18:21

score 53 · Accepted Answer · edited Oct 09 '20 at 02:25

53

Use "nmap" - this will tell you which hosts are up on a network, and indeed which have port 22 open. You could combine it with a few other tools (like grep) to produce more targeted output if need be.

Note: do this only on YOUR network. Running up nmap or its equivalents on someone else's network is considered bad form.

sudo nmap -p 22 192.168.0.0/24

edited Oct 09 '20 at 02:25

dmourati

24,720
2
40
69

answered Apr 05 '12 at 07:07

Tom Newton

4,021
2
23
28

http://www.bluebitter.de/portscn2.htm Use BluePortScan if you want a more simple thing than nmap – Gk. Apr 05 '12 at 07:16
9

This accepted answer doesn't even have a simple example line – hmedia1 Oct 20 '18 at 10:32
3

added an example invocation – dmourati Oct 09 '20 at 02:26

score 51 · Answer 3 · answered Feb 16 '18 at 21:51

51

nmap -p 22 --open -sV 192.168.178.0/24

answered Feb 16 '18 at 21:51

Motsel

638
5
6

How is this different than the other answers? How do we know that is my local network? – chicks Feb 16 '18 at 22:13
1

It does not require `sudo` and can be used with Android NetworkMapper – Vadym Tyemirov Jul 17 '18 at 15:05
9

I prefer this answer. The addition of `--open` removed a lot of crud from the output and actually showed me the machine I was looking for. – Duncan Jones Oct 27 '18 at 06:11
1

adding `-oG -` cleans up the output even more – Sep 10 '20 at 11:56

score 4 · Answer 4 · answered Mar 29 '16 at 13:30

4

You can manually telnet each ip at port 22.

If successful you should see the OpenSSH version string.

The process of checking each ip in the subnet can be done by means of the 'for' directive.

answered Mar 29 '16 at 13:30

Hector Luis Gimbatti

41
1

could you provide an example? – Isaac Apr 04 '22 at 04:27

score 1 · Answer 5 · answered Jan 09 '22 at 13:36

1

If you just want the hostnames/ips and don't want the other info:

sudo nmap -sS -p 22 192.168.1.0/24 | grep report

answered Jan 09 '22 at 13:36

ericcurtin

111
2

How to scan local network for SSH-able computers?

5 Answers5