If the admin doesn't set the ssh service port on default 22, how can I find the port that he set?

If the admin doesn't set the ssh service port on default 22, how can I find the port that he set? Trust me I don't plan to doing bad things. I am just curious!

update: The ssh service port is on 521. I can be sure. Because i can use ssh login via 521.
nmap addresshided -sV
Starting Nmap 5.51 ( http://nmap.org ) at 2011-09-30 09:38 CST
Nmap scan report for addresshided
Host is up (0.0052s latency).
Not shown: 996 filtered ports
PORT    STATE  SERVICE VERSION
23/tcp  closed telnet
80/tcp  closed http
443/tcp closed https
631/tcp closed ipp

Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 5.45 seconds

I think i need to study nmap further. Thank you for all the reply. :-)

LouXiu

Posted 2011-09-29T13:51:49.310

Reputation: 212

this comes up blank? >nmap -P0 -p521 ip – barlop – 2011-09-30T01:57:10.167

Answers

nmap [ip] -sV

or, if on the local machine:

netstat -tlp | grep -i ssh

Sirex

Posted 2011-09-29T13:51:49.310

Reputation: 10 321

1Good answer, but why the backticks? what's the output being used for? Typing this as shown will give you odd errors. I know this is nit-picky, but the cmd line IS picky... especially since naive people will type it exactly as shown, just as they've been taught since day one. – lornix – 2011-09-29T20:28:19.983

@Sirex, It doesn't work. – LouXiu – 2011-09-30T01:46:17.200

Seriously, send them an email and ask.

Kusalananda

Posted 2011-09-29T13:51:49.310

Reputation: 1 941

+1. Simple solution to a simple problem. Unauthorized port scans are against terms and conditions within certain networks too. – Jin – 2011-09-30T01:53:57.587

You can use this easy to use online tool port scanner. It will list out all the open ports and what are the configured for.
---EDIT--
You could use the following commands :

$ lsof
This lists out all you open ports
$ netstat -nan | grep 22
This will give you detail of theport specified

Shekhar

Posted 2011-09-29T13:51:49.310

Reputation: 4 815

22 "SSH"-Port is closed. But the ssh service is on 521. I am sure it is open. Because i can login. – LouXiu – 2011-09-29T14:07:51.897

@LouXiu so problem solved, isn't it? Or did I miss something? – woliveirajr – 2011-09-29T14:10:45.590

@woliveirajr, =.= No... that port scanner's result is not even include 512. I know the ssh service is on 512. lsof and netstat works if i login the server. But if i am not in the server. How can i do it? – LouXiu – 2011-09-29T14:15:45.317

have you tried my answer, using some app to do that ? – woliveirajr – 2011-09-29T14:19:50.727

@woliveirajr, I tried that port scanner. – LouXiu – 2011-09-30T01:40:56.533

Run the following in a terminal:

lsof | grep IPv4 | grep ssh

lsofwill list all open files and ports.
grep IPv4 weeds out everything except open IP sockets
grep ssh shows only lines with ssh.

If you look through the results, you should be able to find which ports are in use by the ssh process.

Stephen Jennings

Posted 2011-09-29T13:51:49.310

Reputation: 21 788

This will only work locally, correct? If so, I suppose one couldn't necessarily open the ssh config read-only.. Interesting answer. :) – James T Snell – 2011-09-29T14:17:43.457

@Doc: Ha, you're right. It didn't even occur to me the asker might not be on the computer he's asking about. – Stephen Jennings – 2011-10-01T15:22:38.013