/etc/suauth
Sean McMahon
smcmahon at usgs.gov
Mon Dec 19 12:54:53 EST 2005
Actually ssh is usually port 22 23 is usually telnet.
----- Original Message -----
From: "Charles Hallenbeck" <chuckh at hhs48.com>
To: <sdawes at telus.net>; "Speakup is a screen review system for Linux."
<speakup at braille.uwo.ca>
Sent: Sunday, December 18, 2005 11:37 AM
Subject: Re: /etc/suauth
> Steve,
>
> There is a Debian package called "knockd", not sure about other distros.
> It comes with a port sniffing daemon and a client program. You configure
> the daemon by specifying a trio of ports to monitor, and a couple of
> timing parameters. Once you do that you can close port 23 on your
> firewall, but keep the sshd daemon and the knockd daemon running.
>
> When some user wants to connect with ssh, she first issues the knock
> command giving the host name and the three ports, which is detected on
> the remote host, causing the firewall to open port 23 for a specified
> period. In my case it is 10 seconds. During that time the calling
> system issues the usual ssh or sftp command, makes connection, and the
> connection remains alive as long as needed. However, once the 10 second
> period expires, the firewall once again closes port 23 to any further
> connection requests unless again preceded by the correct port sequence.
> It is analogous to a "secret knock" on a door, as in spy movies or
> prohibition films. Very cool.
>
> I connect to my system this way by issuing something like this, but
> with the correct port numbers:
>
> knock hhs48.com 1234 2345 3456 ; ssh username at hhs48.com
>
> and it looks on the console identical to the case where port knocking is
> not in the picture.
>
> What distro do you use? Can you search for "knockd" for your system?
>
> Ch;uck
>
> --
> The Moon is Waning Gibbous (91% of Full)
> But you can still get downloads from http://www.mhcable.com/~chuckh
>
> _______________________________________________
> Speakup mailing list
> Speakup at braille.uwo.ca
> http://speech.braille.uwo.ca/mailman/listinfo/speakup
More information about the Speakup
mailing list