The command: sudo netstat -ntulp gives me:

Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      1263/mysqld     
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1357/sshd       
tcp6       0      0 :::80                   :::*                    LISTEN      1857/apache2    
tcp6       0      0 :::22                   :::*                    LISTEN      1357/sshd       
tcp6       0      0 :::443                  :::*                    LISTEN      1857/apache2

Why is sshd listed twice? And what's the difference between 0.0.0.0:22 and :::22?

izzy

1 Answer

This is normal, 0.0.0.0:22 is IPv4, :::22 is IPv6.

The fact that both lines are related to the same PID shows that you have only one SSH Daemon.

Bram
Satō Katsura
  • Oh, you're obviously right! I missed the tcp6. So this wouldn't be the message I'm getting from a PCI scan: "unknown service found on tcp port: 22"? – izzy Sep 18 '17 at 18:47
  • What do you mean by "PCI scan"? – Satō Katsura Sep 18 '17 at 18:50
  • A scan for PCI compliance. Also known as PCI-DSS (Payment Card Industry Data Security Standard) – izzy Sep 18 '17 at 19:06
  • As I said, it's normal when you run sshd on both IPv4 and IPv6. Do check with the rule book though whether you're allowed to run sshd in the first place. – Satō Katsura Sep 18 '17 at 19:40
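
The PID-based reading of the netstat output described in the answer, as an added example that is not part of the original post: this Python script parses the output quoted in the question, merges rows by PID, transport and port, and labels how widely each bind address is reachable. The function names (`summarize`, `scope`, `report`) are illustrative assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# The `sudo netstat -ntulp` output quoted in the question above.
SAMPLE = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      1263/mysqld
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1357/sshd
tcp6       0      0 :::80                   :::*                    LISTEN      1857/apache2
tcp6       0      0 :::22                   :::*                    LISTEN      1357/sshd
tcp6       0      0 :::443                  :::*                    LISTEN      1857/apache2
"""

OWNER = re.compile(r"\s(\d+)/(\S+)")  # the "PID/Program name" column


def summarize(text):
    """Group socket rows into {(pid, program, transport, port): {family: [addresses]}}."""
    services = defaultdict(dict)
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or not fields[0].startswith(("tcp", "udp")):
            continue  # header or unrelated line
        proto, local = fields[0], fields[3]
        addr, _, port = local.rpartition(":")  # split on the last ':' (IPv6 has several)
        owner = OWNER.search(line)
        pid, program = owner.groups() if owner else ("-", "-")  # "-" when run without root
        family = "IPv6" if proto.endswith("6") else "IPv4"
        key = (pid, program, proto[:3], int(port))
        services[key].setdefault(family, []).append(addr)
    return dict(services)


def scope(addr):
    """Classify a bind address by how widely it is reachable."""
    ip = ipaddress.ip_address(addr)
    if ip.is_unspecified:  # 0.0.0.0 or ::
        return "all interfaces"
    return "loopback only" if ip.is_loopback else "single address"


def report(text):
    """One line per service, so a daemon bound on both families appears once."""
    lines = []
    for (pid, program, transport, port), fams in sorted(summarize(text).items()):
        binds = ", ".join(f"{fam} {a} ({scope(a)})" for fam in sorted(fams) for a in fams[fam])
        lines.append(f"{program} pid={pid} {transport}/{port}: {binds}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE)))
```

Run against the sample, sshd collapses to a single entry with one IPv4 and one IPv6 wildcard bind, while mysqld shows up as loopback only.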