I recently started using a VPS.
I'd like to make sure that port 22 used by ssh is open properly. Is there a command to check from an external Linux machine?
Also, please let me know if there is a way to find out if the port number has been changed or if it is open even though it is not currently being used.
I checked with iptables from the inside, but I'm worried, so I'd like to check from the outside.
I look forward to your kind cooperation.
linux centos ssh
What about the nc (or netcat) command?
The -z option acts as a port scan mode.
Below is an excerpt from man nc. Multiple port numbers can also be scanned.
$ nc -z host.example.com 20-30
Connection to host.example.com 22 port [tcp/ssh] succeeded!
Connection to host.example.com 25 port [tcp/smtp] succeeded!
I think the nmap command is appropriate.
$ nmap -p ssh [destination host]
Starting Nmap 6.40 (http://nmap.org)
Nmap scan report for XXX.XXX.XXX.XXX
Host is up (0.051s latency).
PORT STATE SERVICE
22/tcp open ssh
Nmap done: 1 IP address (1 host up) scanned in 0.35 seconds
If open appears, it is open; if filtered appears, it is not open. Also, if sshd is using a port number other than 22, it will specify that port number. Both Debian and RedHat Linux seem to offer it as the nmap package.
The nmap command allows you to specify multiple service names/port numbers.
$ nmap -p ssh,http,https [destination host]
Starting Nmap 6.40 (http://nmap.org)
Nmap scan report for XXX.XXX.XXX.XXX
Host is up (0.056s latency).
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
443/tcp filtered https
Nmap done: 1 IP address (1 host up) scanned in 0.34 seconds
$ tcptraceroute -n -q 1 -w 1 [destination host] ssh
Selected device eth0, address 192.168.0.3, port 58368 for outgoing packets
Tracing the path to XXX.XXX.XXX.XXX on TCP port 22 (ssh), 30 hops max
 1  192.168.0.1  0.807 ms
 :
13  *
14  XXX.XXX.XXX.XXX [open]  48.457 ms
Finally, [open] indicates that the port is open. If not, closed appears.
Both Debian and RedHat Linux appear to offer it as the tcptraceroute package.
netcat (nc) is light and recommended as an anywhere command.
nc -v -z -w 1 <my_server.com> 22
echo $?
The echo output is success (OPEN) if 0 and failure (CLOSE) if 1. The operation is clear, so I think it can be incorporated into a shell script. Here's a brief description of the elements:
nc:
-z: scan only
-w: timeout value in seconds
-v: provides detailed output
bash:
$?: exit code
To scan ports 80 through 500 (if you want to check UDP services instead of TCP, add -u to the options):
$ nc -z -w 1 <my_server.com> 80-500
Connection to my_server.com port 80 [tcp/http] succeeded!
Connection to my_server.com port 222 [tcp/rsh-spx] succeeded!
Connection to my_server.com port 443 [tcp/https] succeeded!
In addition to checking the port, when checking whether text-based services are running, interact with telnet <my_server> <port>. Interaction with telnet may help you determine whether the service is really up and in order in an environment where a dedicated port scanner is not available. Even Windows has a command of the same name, so if you only want to check a few ports, you may want to remember only telnet.
You can use the telnet command to easily verify it; run it as $ telnet host port.
# The environment I have is FreeBSD, so please don't worry about it
If the port is open
$ telnet 192.168.1.1 22
Trying 192.168.1.1 ...
Connected to 192.168.1.1.
Escape character is '^]'.
SSH-2.0-OpenSSH_5.8p2_hpn13v11 FreeBSD-20110503
^] ← Please enter (Ctrl+])
telnet> quit ← Please enter
If the port is closed
$ telnet 192.168.1.1 22
Trying 192.168.1.1 ...
telnet: connect to address 192.168.1.1: Connection refused
telnet: Unable to connect to remote host
The port is closed even if it stops at Trying...
If the port is open but stopped at tcpwrapper
$ telnet 192.168.1.1 22
Trying 192.168.1.1 ...
Connected to 192.168.1.1.
Escape character is '^]'.
^] ← Please enter (Ctrl+])
telnet> quit ← Please enter
Compared to the first example, SSH-2.0-OpenSSH_5.8p2_hpn13v11 FreeBSD-20110503 is missing.
A comprehensive study would be to perform a port scan. A famous program is nmap. Most distributions offer binary packages. The following example scans ports from 1 to 1024. You can also optionally specify and expand ports.
$ nmap 192.168.1.1
Starting Nmap 6.25 (http://nmap.org) at 2015-02-02 22:25 JST
Nmap scan report for host.example.jp (192.168.1.1)
Host is up (0.046s latency).
Not shown: 993 filtered ports
PORT STATE SERVICE
22/tcp open ssh
53/tcp closed domain
80/tcp open http
443/tcp open https
587/tcp open submission
Nmap done: 1 IP address (1 host up) scanned in 45.61 seconds
Don't make mistakes on hosts that you don't manage.
If it is limited to ssh, I think you can confirm your request by specifying the port number with the -p option.
$ ssh -p 22 user@server exit
$ ssh -p 222 user@server exit
ssh: connect to host server port 222: connection refused
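The checks from the nc and telnet answers combined into one script, as an added example that is not part of any answer above: it separates open, refused and timed-out ports and reads the SSH greeting that the telnet answer looks for. The names probe and ssh_is_reachable, the state labels and the 3-second timeout are assumptions of this example.

```python
#!/usr/bin/env python3
"""Check from outside whether a TCP port answers, and whether sshd greets."""
import socket
import sys


def probe(host, port, timeout=3.0):
    """Return (state, banner) for host:port as seen from this machine.

    open      - connected and the service sent a greeting line
    no-banner - connected, but nothing arrived before the timeout or the
                peer closed at once (the TCP-wrapper case; also normal for
                services such as HTTP that wait for the client to speak)
    closed    - connection refused
    filtered  - no answer before the timeout (telnet stuck at "Trying...")
    error     - name lookup failure, unreachable network, etc.
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "closed", None
    except socket.timeout:
        return "filtered", None
    except OSError:
        return "error", None
    with sock:
        try:
            data = sock.recv(256)
        except (socket.timeout, ConnectionResetError):
            data = b""
    # Keep only the first line of whatever the service sent.
    banner = data.split(b"\n", 1)[0].strip().decode("ascii", "replace")
    return ("open", banner) if banner else ("no-banner", None)


def ssh_is_reachable(host, port=22, timeout=3.0):
    """True only if the port is open and the greeting starts with "SSH-"."""
    state, banner = probe(host, port, timeout)
    return state == "open" and banner.startswith("SSH-")


if __name__ == "__main__":
    if len(sys.argv) < 2:
        sys.exit("usage: probe.py HOST [PORT]")
    host = sys.argv[1]
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 22
    state, banner = probe(host, port)
    print(f"{host}:{port} {state} {banner or ''}".rstrip())
    # Same convention as the nc answer: exit 0 on success, 1 otherwise.
    sys.exit(0 if state == "open" and banner.startswith("SSH-") else 1)
```

Run it from a machine outside the VPS; a result of filtered usually means a firewall is dropping the packets, while closed means the host answered but nothing is listening on that port.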