Scanning a network and SSH each IP until I get in through SSH

Question

Normally, I would SSH into that machine using:

ssh [email protected]

That server in my network is forced to use DHCP in the subnet (134.96.90.0). And everytime it shuts down, I have to go find the possible IP using:

nmap -sP 123.45.67.0/24

Which outputs:

Starting Nmap 6.40 ( http://nmap.org ) at 2015-10-08 11:13 CEST
Nmap scan report for turning.some-name.de (123.45.67.2)
Host is up (0.00033s latency).
Nmap scan report for drucker-sek.some-name.de(123.45.67.19)
Host is up (0.0010s latency).
Nmap scan report for dhcp90-20.some-name.de (123.45.67.22)
Host is up (0.00036s latency).
Nmap scan report for dhcp90-21.some-name.de (123.45.67.27)

Then I have go and dial this mannually:

ssh [email protected]
ssh [email protected]
ssh [email protected]
ssh [email protected]

Then finally I know that it's assigned to 123.45.67.22.

If I can’t give a static IP to the server, is there a way to automate this crazy net scan + multiple SSH? (Imagine that I have >100 machines in the net)

---

I could do this to get the IP:

$ nmap -sP 123.45.67.0/24 | grep -Eo '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' 

But how do I write the a for-loop or something to ssh and stop when I successfully ssh-ed into the server?

---

I get full access to this server but not access to the network admin, it's like plugging in any laptop to the network but in this case the laptop is some sort-of expensive machine. My distro:

$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 14.04.3 LTS
Release:    14.04
Codename:   trusty

I have also tried to ssh the machine name from another machine within the subnet:

$ ssh machine-name.some-name.de
ssh: Could not resolve hostname machine-name.some-name.de: Name or service not known

But on the server itself, when I do ssh + tab, I see

::1                         
ff02::1                     
ff02::2                     
ip6-allnodes                
ip6-allrouters
ip6-localhost
ip6-loopback
machine-name
machine-name.some-name.de

---

Also, I have avahi-daemon running already but it seems like the broadcasting is controlled on the network side, only several other machines gets to broadcast their names, e.g. drucker-sek.some-name.de and turning.some-name.de:

$ sudo avahi-daemon
Daemon already running on PID 824

Answer 1

How about something like:

#! /bin/bash
for each in `nmap -sP 123.45.67.0/24 | grep -Eo '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' `
do

    echo  $each
    nc -w 2 $each 22

    if [ $? -eq 0 ]
    then
        break;
    fi

done
ssh $each

This script will allow 2 seconds to see if SSH answers on the given IP address in turn, and when it gets to the first successful connection it will automatically break out of the loop and attempt to ssh in.

If you are on the same subnet as the PC you are looking for though, there is an easier way to find the IP address - use the ARP table to match the MAC address of your card !