The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

How do I check my Shell Port?

Discussion in 'General Discussion' started by Huusoku, Nov 17, 2010.

  1. Huusoku

    Huusoku Active Member

    Joined:
    Dec 24, 2008
    Messages:
    31
    Likes Received:
    0
    Trophy Points:
    6
    Hello cP,

    It's been a while since I've posted here. I searched around here and on Google and can't seem to figure this out.
    First some background info, if you want to skip to my question, scroll down...

    Background Info

    2 or 3 years ago I changed my Shell port, and I know I wrote it down somewhere, but I can't find where I wrote it down for the life of me.

    I know, this is entirely my fault and I should have just left it on port 22, but I remember reading an article on how to increase the security on my server and I thought this was a good idea.

    I've needed to alter my PHP and do some shell work over the years and haven't been able to get in. Yes I know, pretty dumb. Each time I have to convince myself that the shell work I need to do is not important LOL

    Well, today I need to modify some suhosin settings and I can't, and I got really upset and decided to fix this problem once and for all.

    My Question

    I have FTP, WHM, and cPanel access with regular and root user, no problem there.

    How do I find out what port I moved the shell access to? I've been browsing around in my WHM (as root user) for a good 20 mins and can't find it anywhere. I fear that for the sake of security, this info is not available unless I am able to browse to my /etc/ssh or /usr/local/etc/ssh directory, but how can I do this if I can't get into the shell? (I'm hoping there is a way through whm)

    Thank you very, very much for the help!
    Regards,
    Huusoku
     
    #1 Huusoku, Nov 17, 2010
    Last edited: Nov 17, 2010
  2. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,623
    Likes Received:
    21
    Trophy Points:
    38
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    You could try to reset SSH on the machine using this script in WHM:

    https://IP#:2087/scripts2/doautofixer?autofix=safesshrestart

    You would want to replace IP# with your server's IP# and it will then revert the /etc/ssh/sshd_config file to the default settings. It's possible SSH will not be accessible after doing this, though, so be warned that if it doesn't work, you'd need to get ahold of your datacenter or NOC to have them reboot the machine into single user mode and have them then assist in fixing SSH for you.
     
  3. Huusoku

    Huusoku Active Member

    Joined:
    Dec 24, 2008
    Messages:
    31
    Likes Received:
    0
    Trophy Points:
    6
    Thank you for the reply, I will try that out. My host is just an email away, so that option is always open, I just didn't want to waste their time over this since it is my fault!

    Another question: When I use PuTTY and try to connect using a port number guess, it returns with "Network error: Connection refused". I read that this means I entered an incorrect port number. Question: If I continue to try a bunch of different port numbers, will this constitute a brute force that will lock my IP # after 5 attempts? Or does the brute force prevention only apply to incorrect passwords? In order words, does brute force protection also count how many times I entered an incorrect port number?

    Thank you!
    Huusoku
     
  4. Huusoku

    Huusoku Active Member

    Joined:
    Dec 24, 2008
    Messages:
    31
    Likes Received:
    0
    Trophy Points:
    6
    Update on this...

    I ran .../doautofixer?autofix=test and it returned the following:

    And that was it. Does this mean that if I run the safesshrestart it is likely to not do anything?

    Thanks
     
  5. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,623
    Likes Received:
    21
    Trophy Points:
    38
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    Did you check if you can now SSH on port 22 after running the script?
     
  6. Huusoku

    Huusoku Active Member

    Joined:
    Dec 24, 2008
    Messages:
    31
    Likes Received:
    0
    Trophy Points:
    6
    Negative because I only ran the test. I was too worried about breaking SSH permanently so I thought I would try something out first.....

    ...and....

    ....I figured it out!!! Here is what I did:

    I used an online port scanner and scanned ports 22 through 9000. Out of that range there were only 23 ports that were responding. About a third of these ports could be ruled out (obvious ones like 80, 110, 443, etc) so I ended up with just 16 ports that were responding to the port scan (ports I had no clue about).

    So I just started logging into each port in PuTTY, 1 by 1 (it was only 16 total so no biggie), and eventually I found my SSH port!!!! Suddenly I was staring at the "login as:" prompt. SWEEEEEEET!! :D:D:D

    For future Googlers who find this thread, here is what I did:
    I searched around for an online port scanner and used this: Online Port Scan | Port Scanning | Port Scanner | Portscan Tool
    - Enter your server's IP address
    - Leave the 2nd field blank (the "Scan this list of port numbers" field)
    - Enter a lower port number in the "Beginning port number field"
    - Enter an upper port number in the "Ending port number field"
    - Then click Scan (to the right of the blank 2nd field)

    Your server might be configured to prevent port scans, mine wasn't (interesting, I think now I'd like to configure it to prevent port scans) but you may have to check with your server so it doesn't think t1shopper.com is trying to attack it.

    It may take a few minutes to return all the results, and the list will be quite long (depending on the port range of your scan).

    Once the scan was completed, I highlighted the results and copy + pasted them into Microcrap Excel.

    There will be two types of results, either:
    xxx.xxx.xxx.xxx isn't responding on port xxxx
    or
    xxx.xxx.xxx.xxx is responding on port xxxx (....)

    So to narrow the list down, I used the Sort feature in Excel and sorted alphabetically. This moved all the "is responding" entries to the top, and I simply deleted all the "isn't responding" entries.

    Now you are left with just the ports that responded to the port scan. Hopefully your list was quite small like mine, and it only took me about 1 or 2 mins to try out a few different ports until I found the one that PuTTY liked!

    PuTTY would either hang forever or would return, "Server unexpectedly closed network connection". You will know when you find the right SSH port because it should connect immediately. If PuTTY is hanging for more than a couple of seconds, then just can it, it's not your SSH port.

    Thank you for the help cPanelTristan!! I finally got this figured out!! :)

    Now I am going to see if there is a way to block websites from scanning a ton of IP numbers. If this is an option in WHM, then, in the future, if I loose my port number again (God forbid LOL), I can log into WHM, disable the port scan blocker, and then scan a bunch of ports until I figure it out again. Then re-enable the port scan blocker.

    Having a good day over here,
    Huusoku
     
Loading...

Share This Page