Whilst trying to reboot a stubborn server I couldn’t reach from the admin panel, I noticed with nmap that there is an extra port 60910 that appears to be opened on my droplet. However I can only see this port externally and not from within the droplet itself.
From inside droplet:
Starting Nmap 7.01 ( https://nmap.org ) at 2018-06-27 16:18 EST
Nmap scan report for example.com (xxx.xxx.xxx.xxx)
Host is up (0.00090s latency).
Not shown: 65529 closed ports
PORT STATE SERVICE
25/tcp open smtp
80/tcp open http
443/tcp open https
From outside droplet:
Starting Nmap 7.01 ( https://nmap.org ) at 2018-06-27 16:00 EST
Nmap scan report for example.com (xxx.xxx.xxx.xxx)
Host is up (0.038s latency).
Not shown: 65528 filtered ports
PORT STATE SERVICE
25/tcp open smtp
80/tcp open http
443/tcp open https
60910/tcp open unknown
It appears to be an SSH daemon running on that port since it asks me to confirm an ED25519 key fingerprint, but does not accept the private key I have set up on my droplet’s usual SSH port.
I attempted to find documentation on this but couldn’t find any. I’m assuming this is used for maintenance on the hypervisor, but wanted to know exactly what it was used for and make sure that others can’t use that to access my droplet without my knowledge?
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
Hello,
You can also use netstat to see what service is listening on this port. To make netstat available on your system simply install the net-tools package using the bellow command:
Ubuntu
CentOS
Then you can run the netstat command to show you what’s listening on the port:
You will then see the exact service that is using the port. Let me know if you have any questions.
Alex