How to check/adjust SSH server on embedded board

1

I'm currently having difficulties connecting to an embedded board from my Linux machine through ssh. The embedded board is a FOX G20 V with a Linux OS. I've tried to connect to the board through several ports, and I have followed all the solutions online regarding firewall, public/private keys and iptables configuration. Nevertheless, I always get the error message:

  connect to host port 22: Connection refused

This got me thinking, perhaps I need to check the ssh status on the embedded board and to check what port it's listening on. But since I can't even connect to the board to check this information out, I'm stuck. For what it's worth, I am able to ping to the board.

Does anyone therefore have a solution as to how I can check the ssh status?

Adam

Posted 2014-04-23T13:44:34.740

Reputation: 145

Answers

2

Judging from your question, it appears the board is not under your control, otherwise you would know (I presume) which port ssh is listening on, if at all.

If this is indeed the case, then nmap is your only friend (or some other scanner, of course). My suggestion is to do a heavy scan:

  sudo nmap -T5 -A -p1-65535 ip.address.of.board

The flag -T5 reduces the time interval between probes, which should not be a worry for you (you are not trying to go undetected, are you?). The -A flag introduces a number of tests performed through scripts, which may also prove useful. The -p1-65535 makes sure you test all ports, not just the lowest-numbered ones.

This will tell you, except in the presence of elaborate evasive action (port knocking, anyone?), whether an ssh service is listening at all, and on which port.

Of course this implies you are checking on TCP ports, which is the correct choice if you are investigating a possible ssh service. However, most people forget that an nmap scan does not, by default, scan UDP ports; once again, this is irrelevant for ssh, but just for the sake of completeness, if you were trying to do the same for OpenVPN, you would have to issue the command:

  sudo nmap -sU -T5 -A -p1-65535 ip.address.of.board

MariusMatutiae

Posted 2014-04-23T13:44:34.740

Reputation: 41 321

1

Thank you for your answer. I'm guessing you meant sudo nmap instead of sudo namp? In any case, I get command not found so I think I have to install it. Knowing that I don't have an internet connection on the machine that I'm working on (this is not it), is there a way I can manually install nmap? Thank you. – Adam – 2014-04-24T07:02:45.180

1

@JohnSmith Yes, indeed I meant sudo nmap. You can download the code for nmap here, http://nmap.org/download.html, load it onto a USB drive, and bring it to the PC without an Internet connection.

– MariusMatutiae – 2014-04-24T07:13:14.317

I notice even with -T1 (1 millisecond rather than 5), it takes over 65sec on my network. It is still going after 3min. Any idea why? It still seems slow. Anyhow, that aside, a good switch is -v, which very quickly displays the open ports as it runs, so no need to wait for completion. – barlop – 2014-04-29T00:06:29.703

@barlop 1 millisecond per port, 65000-odd ports = 65 sec. – MariusMatutiae – 2014-04-29T05:40:31.767

@MariusMatutiae Yes, correct, 65 thousand * 65 thousandths is 65. What I am saying is that one might expect that scanning with -T1 would take 65 seconds. You seem to think so. But as I said, in my test it does not. It takes over 3min. And -T5 would be longer. Have you timed how long it takes for you to scan 65535 ports with -T1 vs -T5? You may find your assumption of 65sec in your last comment for -T1 doesn't hold up. – barlop – 2014-04-29T11:48:01.763

I've tested it. Doing it with -v, it gives an ETA of remaining time after about a minute. The estimate it gives is 14min with -T5, 24min without -T5. Faster, but not as fast as the 5min for -T5 that one might expect. Then I tried it without -T5 and it said 15min. So I couldn't get it to repeat. The test didn't determine much, but -T5 is still worth a shot. – barlop – 2014-05-05T11:09:23.193

1

nmap, of course (i.e. do a port scan). nmap -P0 -p1-65535 5.6.7.8 (where 5.6.7.8 is the IP). Maybe somebody has a better idea or better parameters. That -P0 makes it work even if you didn't get a ping response, and scanning all those ports (1-65535) at once may be a bit slow (or perhaps OK on a LAN).

Added: -v is an excellent switch; it makes nmap show the results as it progresses. That is very fast. nmap -v -P0 -p1-65535 5.6.7.8 (and perhaps you may find -T5, as Marius suggests, makes it faster).

Added: as to the other aspect of your question, how to adjust the ssh server port, I haven't checked to see if it's possible to edit sshd_config while logged in, but that'd be a path to try. You open sshd_config (it's within /etc, e.g. /etc/ssh/sshd_config) and it will say e.g. Port 22, so you make a new line and type Port 12345, then restart the system or the sshd server. Then you can use nmap to test your two ports (e.g. 22 and 12345) to see that you still have port 22 and that you get the additional port. That (adding an additional port) seems safer than adjusting the one port it is on, because if that goes wrong you've locked yourself out. You can always edit again and remove a port. Hopefully sshd_config doesn't lock while logged in; give it a try and report back. Hopefully some know some other ways, as it's always good to have multiple methods.

barlop

Posted 2014-04-23T13:44:34.740

Reputation: 18 677

@JohnSmith you're supposed to click the up/down vote to express that, rather than creating the litter of writing "Thanks" on a website that is for technical content. – barlop – 2014-04-24T07:56:38.577

1

I'm only at 10 reputation and you need a minimum of 15 reputation :) If you upvote my question I'd be able to upvote the answer! – Adam – 2014-04-24T07:57:40.977

1

@JohnSmith I did already but I just upvoted your other questions so that should do it – barlop – 2014-04-24T07:58:27.813

Thanks, just upvoted yours too. Thanks for your added answer. I'll take a look at that as well! – Adam – 2014-04-24T08:04:14.280
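An added example, not part of any answer on this page: the sshd_config edit described in barlop's answer, with the two cases that can lock you out handled. The function names `active_ports`, `add_sshd_port` and `demo` are hypothetical, and the script assumes Port lines are written with whitespace between keyword and value.

```shell
#!/bin/sh
# Added example: add a second sshd port without losing the current one.

# Print the port of every active (uncommented) Port line in an sshd_config.
active_ports() {
    awk 'tolower($1) == "port" { print $2 }' "$1"
}

# add_sshd_port CONFIG NEWPORT
add_sshd_port() {
    cfg=$1
    new=$2
    [ -f "$cfg" ] || { echo "no such file: $cfg" >&2; return 1; }
    case $new in
        ''|*[!0-9]*|??????*) echo "bad port: $new" >&2; return 1 ;;
    esac
    if [ "$new" -lt 1 ] || [ "$new" -gt 65535 ]; then
        echo "bad port: $new" >&2; return 1
    fi
    # Already active: leave the file alone.
    if active_ports "$cfg" | grep -qx "$new"; then
        return 0
    fi
    cp -p "$cfg" "$cfg.bak" || return 1      # way back if the edit goes wrong
    {
        # No active Port line means sshd is on its built-in default, 22.
        # The first explicit Port line replaces that default, so spell it out.
        [ -n "$(active_ports "$cfg.bak")" ] || echo "Port 22"
        echo "Port $new"
        # New lines go first: lines appended after a Match block would be
        # read as part of that block, where Port is not allowed.
        cat "$cfg.bak"
    } > "$cfg"
}

# Constructed sample: a config whose only Port line is commented out.
demo() {
    d=$(mktemp -d) || return 1
    printf '#Port 22\nPermitRootLogin no\nMatch User backup\n  X11Forwarding no\n' \
        > "$d/sshd_config"
    add_sshd_port "$d/sshd_config" 12345 || return 1
    active_ports "$d/sshd_config" | tr '\n' ' '
    rm -rf "$d"
}
```

On the board, run `add_sshd_port /etc/ssh/sshd_config 12345`, check the result with `sshd -t`, and only then restart sshd while keeping the current session open. Both ports can then be confirmed from the other machine with the nmap commands above.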