Every developer who works with multiple machines in a local network has faced this situation: you need to SSH into another machine but can't remember its current IP address. DHCP-assigned addresses change, and static IPs aren't always practical for all devices.
Here are the most effective command-line tools for discovering SSH hosts:
# Basic ping sweep (Linux/macOS)
for ip in $(seq 1 254); do ping -c 1 192.168.1.$ip | grep "bytes from" | awk '{print $4}' | cut -d ":" -f 1 & done
# Using nmap (more comprehensive)
nmap -p 22 --open 192.168.1.0/24
# Using arp-scan (fast discovery)
arp-scan --localnet | grep -E '([0-9]{1,3}\.){3}[0-9]{1,3}'
For more precise SSH host discovery, we can combine tools:
#!/bin/bash
# SSH host discovery script
network="192.168.1"
timeout=1
for host in {1..254}; do
ip="${network}.${host}"
(nc -z -w $timeout $ip 22 2>/dev/null && echo "SSH available on $ip") &
done
wait
To make the output more useful, we can extend our scripts:
# Enhanced nmap command with hostname resolution
nmap -p 22 --open -sV 192.168.1.0/24 | \
awk '/Nmap scan report/ {host=$5} /22\/tcp/ {print host, $3}'
# Python alternative
import socket
import subprocess
def check_ssh(ip):
try:
sock = socket.create_connection((ip, 22), timeout=1)
banner = sock.recv(1024)
sock.close()
return "SSH" in banner.decode('utf-8', errors='ignore')
except:
return False
For frequently accessed machines, consider these approaches:
# Add hosts to ~/.ssh/config
Host dev-server
HostName 192.168.1.45
User developer
IdentityFile ~/.ssh/dev_key
# Use avahi/zeroconf for .local resolution
ssh developer@dev-machine.local
Remember that network scanning:
- May trigger intrusion detection systems
- Should only be performed on networks you own/administer
- Can be optimized to minimize network impact with proper timing
When working in a local network environment (like a home or office), you might need to SSH into another machine but don't know its current IP address. DHCP-assigned addresses can change, and manually checking each device is inefficient. Here's how to programmatically discover SSH-ready hosts.
These command-line tools are available on most Unix-like systems (Linux/macOS) and can be installed on Windows via WSL:
# Basic connectivity check
ping -c 4 192.168.1.255 # Broadcast ping (may be blocked)
arp -a # Show ARP cache
The most powerful solution is nmap, the network mapper:
# Install nmap if needed
sudo apt install nmap # Debian/Ubuntu
brew install nmap # macOS
# Basic scan for open SSH ports (port 22)
nmap -p 22 --open 192.168.1.0/24
# More detailed version with hostnames
nmap -p 22 --open -sV 192.168.1.0/24
When nmap isn't available, try this bash one-liner:
for ip in {1..254}; do
nc -zv -w 1 192.168.1.$ip 22 2>&1 | grep succeeded
done
Save this as find_ssh_hosts.sh:
#!/bin/bash
SUBNET=$(ip route | grep 'src' | awk '{print $1}')
echo "Scanning $SUBNET for SSH hosts..."
nmap -p 22 --open -oG - $SUBNET | \
awk '/Up$/{print $2}' | \
while read ip; do
echo -n "$ip: "
ssh -o ConnectTimeout=2 -o StrictHostKeyChecking=no $ip hostname 2>/dev/null || echo "Unknown"
done
- Scan only your own networks
- Respect firewall rules and network policies
- Use
-T politeflag in nmap for slower, less intrusive scans
For long-term convenience, consider:
# Set static DHCP leases in your router, or
# Use avahi/zeroconf (hostname.local) with:
sudo apt install avahi-daemon # Linux