81

I am often on one computer in my house and I would like to SSH to another one, but often don't know the IP address of the one I want to connect to. Is there a way, from the command line, to scan the local network so I can find the computer I want to connect to?

Andrew
  • 3,573
  • 1
    If you don't know which computers are connected to your house's network, I think you might have a problem... – Massimo Apr 05 '12 at 08:31
  • 1
    ...and how do you know you're sshing into the right one? Time to sort out your ip addresses / name lookups. – symcbean Apr 05 '12 at 09:00
  • 7
    In defense of Andrew: yes, it's desirable to set unchanging IPs in the DHCP lease, and to have local names. However, consider the real-world case where I just carried a headless Ubuntu PC into the office and hooked it up. For the first connection, I wanted to find the IP without carrying a keyboard and monitor over to it. To symcbean's question, it was easy to know the correct PC based on the MAC address decoding (automatically done by nmap/Zenmap) to the motherboard manufacturer, and the operating system used. Sometimes you don't know the IP and need to find it. – Phrogz Nov 12 '15 at 18:27

  • but often don't know the IP address of the one I want to connect to Isn't this what DNS was invented for?

     – Chris McKeown Apr 05 '12 at 07:37

6 Answers6

115

From the command line you could use:

sudo nmap -sS -p 22 192.168.10.0/24

Substitute for the local address space on your network. I sometimes use this when I plug in a headless rasberry pi and want to find where to ssh to.

Community
  • 1
Joe ZzZ
  • 1,251
66

Use "nmap" - this will tell you which hosts are up on a network, and indeed which have port 22 open. You could combine it with a few other tools (like grep) to produce more targeted output if need be.

Note: do this only on YOUR network. Running up nmap or its equivalents on someone else's network is considered bad form.

sudo nmap -p 22 192.168.0.0/24
dmourati
  • 25,870
Tom Newton
  • 4,181
55
nmap -p 22 --open -sV 192.168.178.0/24
Motsel
  • 678
4

You can manually telnet each ip at port 22.

If successful you should see the OpenSSH version string.

The process of checking each ip in the subnet can be done by means of the 'for' directive.

Hector
  • 41
  • 1
3

I would advise against checking port 22 only. Not all SSH servers use port 22 by default. For instance, OpenSSH in Termux on my Android phone uses port 8022.

Instead, use nmap's powerful version detection feature, and check all ports:

% nmap -sV 192.168.68.0/24 | grep -wE '(scan report|ssh)'
Nmap scan report for 192.168.68.1
22/tcp   open  ssh       Dropbear sshd (protocol 2.0)
Nmap scan report for 192.168.68.100
22/tcp open  ssh     Dropbear sshd 2015.67 (protocol 2.0)
Nmap scan report for 192.168.68.101
Nmap scan report for 192.168.68.103
Nmap scan report for 192.168.68.105
8022/tcp open  ssh     OpenSSH 9.1 (protocol 2.0)

Also, it's a common tactic among sysadmins to change services like SSH to a weird high port in an attempt to hide it. Although that doesn't really apply in your situation, since you probably administer your own LAN machines.

Matt Alexander
  • 250
1

If you just want the hostnames/ips and don't want the other info:

sudo nmap -sS -p 22 192.168.1.0/24 | grep report
ericcurtin
  • 111