4

In our lab, we have a Linux server that we can log onto locally or ssh into with a specific IP. When I am logged into the machine, I can see its internal IP with ifconfig or ip a and I can see its external IP through something like curl icanhazip.com. However, the external IP reported by that last command is different from the one I type in when using ssh to connect to the machine; I believe the reported IP is the IP of our router.

When I am logged into the machine locally, is it possible for me to find out which IP addresses can be used to ssh into the system (not the IP addresses of the users that are logged in, but rather what IP addresses I can use with the ssh ###.###.###.### command)? I would like to find this out without logging into the router admin panel to see what IP addresses and ports are being forwarded. Would the ssh IP addresses be stored in a file (I could not find anything in /etc/sshd_config), or is there a command that I can run to display it, like with the internal IP?

2
  • 1
    Are you asking what addresses on the router are forwarded to the server? This is nothing to do with the server and everything to do with the router configuration (and any other machines which might have tunnels which point at the server). If that is the question, the answer is no, there is nothing on the server to tell you. Commented Jan 25, 2017 at 8:45
  • @icarus Yes, I believe my question could be reworded as you suggested. I understand that the router is where any configuration would take place, but I am curious if the server can somehow "see" which IP address is being forwarded to it when a user connects via ssh. Commented Jan 25, 2017 at 8:51

3 Answers

1

Many utilities will show the user's IP address, including who and w and last -ai.

Of course, if there is any form of redirection taking place, you may be looking at the machine that did the redirection.

3
  • 2
    and last -ai of course. Commented Jan 25, 2017 at 1:55
  • @icarus: I was not planning to make an extensive list but it is a very good suggestion. You should add it to my answer. Commented Jan 25, 2017 at 3:14
  • @icarus JuliePelletier Thanks for the suggestions! However, I am not looking for the IP address of where the user is logging in from. I am trying to find which IP addresses can be used to ssh into the machine. It seems like our router is forwarding specific addresses to this machine, and I am just curious if there is a way to view these addresses when logged into the machine. Sorry if this was unclear in the question, I edited it to clarify. Commented Jan 25, 2017 at 8:19
1

If I understand you correctly, you want to know if you can be on a LAN node behind a router and from that machine see which ports your router is using to forward you the SSH traffic? If that's the question, there's not going to be a way to do that in your scenario. The router config will not be visible to you, however there are several ways to go about probing to find it.

If it's a private network and you have authorization you can run a standard network map (nmap) and/or leave netstat open in a terminal. Better yet, get a verbose output of (insert firewall solution like ufw or firewalld or just iptables) and start/stop the services and your firewall will tell you exactly which ports are being pinged/blocked/used by ssh from both sides (router in, you out). The easiest way with Deb/Ubuntu/Mint would be to just open gufw as sudo and watch the log after typing sudo systemctl restart ssh

If the question is how to find your internal or external IP, I think that's been covered. But knowing those numbers is useless without the port (I'm sure you know the default for SSH is 22).

5
  • Thanks for the suggestions! Your understanding is partly correct, I want to see the ports AND the IP addresses the router is forwarding to this computer. Could you elaborate on exactly what commands to run? I tried running nmap -v 127.0.0.1, which shows me the open ports, but no forwarded IP addresses. I also tried netstat with different flags (a, c, r), but the only IP addresses I see are the local ones, not the one I type into the ssh ###.###.###.### command. I am trying with iptables currently, but no luck so far. Commented Jan 25, 2017 at 10:17
  • When you say you want all IPs being forwarded to your machine do you mean you want to see any IP that interacts with your node, or do you mean you're on a network with multiple outward facing IPs? The best thing I can give you off hand is arp-scan (probably will need to install from repo). For advanced information on flags and exactly what is going on check the man page, but essentially it's going to send ARP requests to the local network and track responses, giving you IPs and MAC addresses in use. It would look like this: sudo arp-scan 192.168.1.0/24 (netmask is just the most common) Commented Jan 25, 2017 at 23:13
  • As for nmap, try this: `nmap -sV [router address or your IP]` and it should give you a nice neat breakdown of what services it found on which ports. The very best thing to do would be to install zenmap (gtk frontend) and it's super easy to check flags, details, see everything graphically, etc. Commented Jan 25, 2017 at 23:15
  • One last thing.. if you are after the current sshd port being used by the machine you are on, just type: grep Port /etc/ssh/sshd_config Commented Jan 25, 2017 at 23:20
  • 1
    @cheflo: Your comments lead me to think that you're trying to get the original IP after it got NATed (by a router) and that is not possible. The IP packets do not keep track of their route for security and performance reasons. Commented Jan 27, 2017 at 17:51
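
What the server itself can observe about an incoming SSH session, as an added example that is not part of the original answers or comments: OpenSSH exports `SSH_CONNECTION` with the destination address as it arrived at the server, which behind a forwarding router is the internal address rather than the one the client typed. The function names, the sample addresses and the private-range heuristic are assumptions made for this illustration.

```shell
#!/bin/sh
# Added illustration. Constructed sample of what sshd exports as $SSH_CONNECTION:
# "client_ip client_port server_ip server_port" (documentation-range addresses).
SAMPLE_CONN="203.0.113.7 51514 192.168.1.20 22"
SAMPLE_PUBLIC="198.51.100.9"   # constructed stand-in for `curl icanhazip.com` output

# is_private ADDR: succeed if the IPv4 address is RFC 1918, loopback,
# link-local or CGNAT (100.64.0.0/10), i.e. not reachable from the Internet as-is.
is_private() {
    case "$1" in
        10.*|192.168.*|127.*|169.254.*) return 0 ;;
        172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
        100.6[4-9].*|100.[7-9][0-9].*|100.1[01][0-9].*|100.12[0-7].*) return 0 ;;
    esac
    return 1
}

# ssh_dest_view CONN PUBLIC_IP: classify the destination address the server saw.
ssh_dest_view() {
    conn=$1
    public_ip=$2
    set -- $conn                      # split into the four space-separated fields
    if [ $# -ne 4 ]; then
        echo "malformed"
        return 2
    fi
    server_ip=$3
    server_port=$4
    if [ "$server_ip" = "$public_ip" ]; then
        # The server holds the public address itself: clients typed this one.
        echo "direct $server_ip:$server_port"
    elif is_private "$server_ip"; then
        # Destination was rewritten upstream; the address the client typed
        # is not recorded anywhere in the packet the server received.
        echo "translated $server_ip:$server_port"
    else
        # Public but not the egress address, e.g. a second routed address.
        echo "other-public $server_ip:$server_port"
    fi
}

ssh_dest_view "$SAMPLE_CONN" "$SAMPLE_PUBLIC"
```

In a live session, call `ssh_dest_view "$SSH_CONNECTION" "$(curl -s icanhazip.com)"`; a `translated` result means the forwarded address has to be read from the router or NAT device, not from the server.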
0
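# Print the address that follows "src" (the last field is not always the address)
ip route get 8.8.8.8 | awk '{for (i = 1; i < NF; i++) if ($i == "src") {print $(i+1); exit}}'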

gives your local ip address

IP=$(curl -s http://www.whatsmyip.website); echo "$IP"

gives the ip address into the router

2
  • Welcome to Unix.stackexchange! I recommend you take the tour. Commented Jan 25, 2017 at 4:44
  • Thanks for the reply. I am not looking for the local IP, nor the IP of the router. I want to know which address can be used to ssh into the computer, this is not the same as the router in my case, I suspect the router forwards specific addresses directly to this machine, and I am trying to find those out. Commented Jan 25, 2017 at 8:15
