Linux: Open ssh port access using a combination... (knocking technique)

# debian and derived distros... install knockd: sudo apt-get install knockd # we edit /etc/default/knockd: (knockd confif file) sudo nano /etc/default/knockd # and put: START_KNOCKD=1 # let's create our ports sequence: let's say 3030,5050,7070 (open) and 7070,5050,3030 (close) # for this we edit /etc/knockd.conf: sudo nano /etc/knockd.conf: [options] UseSyslog [openSSH] sequence = 3030,5050,7070 seq_timeout = 5 # add our input access to iptables command = /sbin/iptables -A INPUT -s %IP% -p tcp --dport 22 -j DROP tcpflags = syn [closeSSH] sequence = 7070,5050,3030 seq_timeout = 5 # delete our input access to iptables command = /sbin/iptables -D INPUT -s %IP% -p tcp --dport 22 -j DROP tcpflags = syn # we start service: sudo /etc/init.d/knockd start # That's all, we're done. # .. and now... How can I open my host's ssh port (22) from remote location? # ... just like this (using nmap): # OPEN: nmap -sT -p3030,5050,7070 <ipaddress> # and then we CLOSE it: nmap -sT -p7070,5050,3030 <ipaddress> # you'll this output (example with 192.168.1.33): knockd: 192.168.1.33: openSSH: Stage 1 knockd: 192.168.1.33: closeSSH: Stage 2 knockd: 192.168.1.33: closeSSH: Stage 3 knockd: 192.168.1.33: closeSSH: OPEN SESAME knockd: closeSSH: running command: /sbin/iptables -D INPUT -s 192.168.1.33...
This is a technique called "knocking" (knock knock) to open ssh port only when we need it in a secure way, just as if it was a "safe box" (using a combination of access to specific ports and specific order).

It's very secure because only opens access to the ip address which get connected and give correct combination order.

Be the first to comment

You can use [html][/html], [css][/css], [php][/php] and more to embed the code. Urls are automatically hyperlinked. Line breaks and paragraphs are automatically generated.