Issue

Overview


This article describes two ways to configure Discovery to discover SSH Servers on ports other than the default 22.

1. Adding an IP Service


  1. Go to "Discovery Definition > IP Services" and add a New entry with the following information:
    • Name: SSH on 22000
    • Service name: Secure Shell Service on 22000
    • Port: 22000
    • Protocol: TCP
    • Creates: None
  2. Go to "Discovery Definition > Port Probes" and edit the entry "ssh"
    • Unlock the field "Triggered by services"
    • Add "SSH on 22000" to it
    • Save the Discovery Port Probe.

The next time you run Discovery, both ports 22 and 22000 will be scanned by default. The port that answers will be the one used for the SSHCommand probes.

The disadvantage is that both ports 22 and 22000 will be scanned on every scan, which will make your discoveries a bit slower.

In a very special situation, both ports 22 and 22000 may be available, each with an SSH server, while you want the one on 22000 to be used.

These disadvantages can be worked around by using Behaviors.
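To see which candidate ports on a host you administer actually answer with an SSH banner (including the case above where 22 and 22000 both answer), a banner check along the following lines can be run before changing the Discovery configuration. This is an added example, not ServiceNow code and not a reproduction of the Shazzam scanner; the function names and the local test listeners are constructed for illustration.

```python
import re
import socket
import threading
# RFC 4253 section 4.2 identification string: SSH-protoversion-softwareversion [SP comments]
SSH_ID = re.compile(r"^SSH-(\d+\.\d+)-(\S+)(?: (.*))?$")

def parse_ssh_banner(raw: bytes):
    """Return (protocol, software) from the first SSH identification line, else None."""
    for line in raw.decode("ascii", "replace").splitlines():
        m = SSH_ID.match(line.strip())
        if m:
            return m.group(1), m.group(2)
    return None  # the port answered, but not with an SSH banner

def probe(host: str, port: int, timeout: float = 3.0):
    """Connect, read the greeting the server sends first, and classify it."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            return parse_ssh_banner(s.recv(256))
    except OSError:
        return None  # closed, filtered, or silent port

def ssh_ports(host: str, ports):
    """Map each candidate port to its parsed banner, keeping only SSH listeners."""
    found = {}
    for port in ports:
        banner = probe(host, port)
        if banner:
            found[port] = banner
    return found

def fake_listener(greeting: bytes):
    """Constructed fixture: one-shot loopback server that sends `greeting`."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))  # the OS picks a free port
    srv.listen(1)
    def serve():
        conn, _ = srv.accept()
        conn.sendall(greeting)
        conn.close()
        srv.close()
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

if __name__ == "__main__":
    ssh = fake_listener(b"SSH-2.0-OpenSSH_8.9\r\n")       # stands in for port 22000
    web = fake_listener(b"HTTP/1.1 400 Bad Request\r\n")  # a non-SSH service
    print(ssh_ports("127.0.0.1", [ssh, web]))
```

Against a real host, call `ssh_ports(host, [22, 22000])`; if both ports appear in the result, you are in the special situation described above.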

2. Using Behaviors


  1. Go to "Discovery Definition > IP Services" and add a New entry with the following information:
    • Name: SSH on 22000
    • Service name: Secure Shell Service on 22000
    • Port: 22000
    • Protocol: TCP
    • Creates: None
  2. Go to "Discovery Definition > Port Probes" and add a new entry (this is almost a copy of "ssh"): 
    • Name: SSH on 22000
    • Description: Secure Shell on 22000 Login
    • Scanner: Generic TCP with Banner
    • Triggered by services: SSH on 22000
    • Triggers probe: UNIX - Classify
    • Use classification: UNIX Classification
    • Classification priority: 2
    • Active: true
    • CIs: true
    • IPs: true 

When Discovery starts a discovery process it sends the Shazzam probe that includes, by default, the Port Probes defined in the Functionality Definition "All".

The Functionality Definition "All" includes by default:

  • wmi
  • snmp
  • ssh
  • http
  • wins
  • dns
  • printer
  • osx
  • ip_phone
  • slp
  • wbem

If you know that you want to discover ONLY devices that are listening on 22000, you could create a Functionality Definition that includes only "SSH on 22000" (or even both "ssh" and "SSH on 22000"). Then you just need to create a Behavior that uses that functionality and, when you run a Discovery Schedule, tell it to use that behavior.

The Discovery Schedule will discover only devices that are in that behavior/functionality.

  3. Go to "Discovery Definition > Functionality Definition" and add a New entry
    • Name: SSH on 22000
    • Port probes: SSH on 22000

    In case you want both 22 and 22000, you could call this functionality definition "SSH MyName" or whatever and include both port probes "ssh" and "SSH on 22000".

  4. Go to "Discovery Definition > Behavior" and add a New entry:
    • Name: Ssh Ipsos
    • Save
    • Open the entry and add a new entry in the related list "Discovery Functionality":
      • Phase: 0
      • Functionality definition: SSH on 22000 (the name used in step 3)
      • MID servers: Add the MID server (1 or more) to run this functionality.
  5. In your Discovery Schedules, set the field Behavior to "SSH MyName".
    When the schedule starts, the Shazzam probe that is sent will scan only the ports corresponding to the Port Probes included in the Functionality Definition, as explained in step 3.

    Observe that the field "MID server" disappears from the Discovery Schedule. This is because you have already indicated which MID server(s) have to process this schedule.

All this offers a lot of flexibility and, of course, there is more to consider, especially when MID servers are set up in a load-balancing cluster.

Additional Information


You can even define a behavior where one MID server is used for discovering devices on port 22, another MID server for port 22000 and another MID server for WMI. You just create behaviors including different functionalities. That way, when a schedule runs with that behavior, Discovery will select the appropriate MID server for each device found.

Please find more information on our documentation site: Discovery Behaviors

Article Information

Last Updated: 2019-08-02 21:06:01
Published: 2019-07-15