/etc/suauth
Charles Hallenbeck
chuckh at hhs48.com
Sun Dec 18 13:37:48 EST 2005
Steve,

There is a Debian package called "knockd", not sure about other distros.
It comes with a port sniffing daemon and a client program. You configure
the daemon by specifying a trio of ports to monitor, and a couple of
timing parameters. Once you do that you can close port 23 on your
firewall, but keep the sshd daemon and the knockd daemon running.

When some user wants to connect with ssh, she first issues the knock
command giving the host name and the three ports, which is detected on
the remote host, causing the firewall to open port 23 for a specified
period. In my case it is 10 seconds. During that time the calling
system issues the usual ssh or sftp command, makes connection, and the
connection remains alive as long as needed. However, once the 10 second
period expires, the firewall once again closes port 23 to any further
connection requests unless again preceded by the correct port sequence.
It is analogous to a "secret knock" on a door, as in spy movies or
prohibition films. Very cool.

I connect to my system this way by issuing something like this, but
with the correct port numbers:

    knock hhs48.com 1234 2345 3456 ; ssh username@hhs48.com

and it looks on the console identical to the case where port knocking is
not in the picture.

What distro do you use? Can you search for "knockd" for your system?
Chuck
--
The Moon is Waning Gibbous (91% of Full)
But you can still get downloads from http://www.mhcable.com/~chuckh
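The mechanism described in the post above (a daemon watching for a fixed sequence of ports from one source, a time limit on finishing the sequence, and a bounded window during which the firewall hole stays open), as an added example that is not from the post or from the knockd project. The tracker below is a simplified model of how such a daemon keeps per-source state; the option names seq_timeout and cmd_timeout are borrowed from knockd.conf, but the reset rules are this model's own. The client function sends the knock the way the knock tool does, as one TCP connect attempt per port, since the daemon only needs to see the SYN. Port numbers, addresses and timings are illustrative assumptions.

```python
"""Port-knocking sequence tracker and a minimal knock client.

Added example, not code from the original post or from knockd. The
tracker models the daemon side: a per-source-IP sequence of observed
SYNs, a deadline for completing it, and a timed window for the
resulting firewall hole. Ports and addresses below are made up.
"""
import socket
import time


class KnockSequenceTracker:
    """Per-source tracking of a port sequence (simplified model of knockd).

    sequence    -- ports that must be hit in this exact order
    seq_timeout -- seconds allowed from the first knock to the last
    cmd_timeout -- seconds the hole stays open for *new* connections
    """

    def __init__(self, sequence, seq_timeout=5.0, cmd_timeout=10.0):
        self.sequence = list(sequence)
        self.seq_timeout = float(seq_timeout)
        self.cmd_timeout = float(cmd_timeout)
        self._progress = {}    # src_ip -> (next_index, time_of_first_knock)
        self._open_until = {}  # src_ip -> absolute time the hole closes

    def observe_syn(self, src_ip, dst_port, now):
        """Feed one observed TCP SYN. Returns True when the sequence completes
        (the moment the 'open' firewall command would fire), else False."""
        idx, started = self._progress.get(src_ip, (0, now))
        if idx and now - started > self.seq_timeout:
            idx = 0  # too slow: the partial sequence is discarded
        if dst_port == self.sequence[idx]:
            if idx == 0:
                started = now  # clock starts on the first correct knock
            idx += 1
        else:
            # A wrong port discards progress in this model; the wrong port
            # may itself be the first knock of a fresh attempt.
            idx = 1 if dst_port == self.sequence[0] else 0
            started = now
        if idx == len(self.sequence):
            self._progress.pop(src_ip, None)
            self._open_until[src_ip] = now + self.cmd_timeout
            return True
        self._progress[src_ip] = (idx, started)
        return False

    def is_open(self, src_ip, now):
        """Whether a *new* connection from src_ip would be accepted at 'now'.
        Sessions already established are the firewall's business, not the
        knock daemon's (see note after the code)."""
        return now < self._open_until.get(src_ip, float("-inf"))


def send_knock(host, ports, delay=0.1, timeout=0.3):
    """Minimal stand-in for the `knock` client: one connect attempt per port,
    in order. Refused or filtered ports are fine, the SYN was still sent,
    which is all a sniffing daemon needs. Returns the ports attempted."""
    for port in ports:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            try:
                s.connect((host, port))
            except OSError:
                pass  # ECONNREFUSED / timeout: expected on a closed port
        time.sleep(delay)
    return list(ports)


if __name__ == "__main__":
    # Constructed scenario: the right knock, then a too-slow one.
    t = KnockSequenceTracker([1234, 2345, 3456], seq_timeout=5, cmd_timeout=10)
    for port, when in [(1234, 0.0), (2345, 1.0), (3456, 2.0)]:
        print("knock", port, "->", "OPEN" if t.observe_syn("10.0.0.5", port, when) else "wait")
    print("new ssh at t=5 allowed:", t.is_open("10.0.0.5", 5.0))
    print("new ssh at t=13 allowed:", t.is_open("10.0.0.5", 13.0))
```

The window only governs new SYNs. Once the knocker's ssh session is established, it survives the window closing if the firewall has a standing rule that accepts established connections (the usual conntrack ESTABLISHED,RELATED rule); the close action removes only the per-IP hole for new connections, which is exactly the behaviour the post describes. Note also that the sequence is sent in the clear, so anyone who can sniff the path can replay it; knocking hides the daemon from scanners but is not authentication.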