/etc/suauth
Igor Gueths
igueths at lava-net.com
Tue Dec 20 12:00:55 EST 2005
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Hi. In terms of the port knocking, there are various implemenntations floating around afaik. http://portknocking.org is the oriiginal Perl prototype. Knockd I've heard of somewhere as well;
another implementation that I think is based on the original.
On Mon, Dec 19, 2005 at 10:54:53AM -0700, Sean McMahon wrote:
> Actually ssh is usually port 22 23 is usually telnet.
> ----- Original Message -----
> From: "Charles Hallenbeck" <chuckh at hhs48.com>
> To: <sdawes at telus.net>; "Speakup is a screen review system for Linux."
> <speakup at braille.uwo.ca>
> Sent: Sunday, December 18, 2005 11:37 AM
> Subject: Re: /etc/suauth
>
>
> > Steve,
> >
> > There is a Debian package called "knockd", not sure about other distros.
> > It comes with a port sniffing daemon and a client program. You configure
> > the daemon by specifying a trio of ports to monitor, and a couple of
> > timing parameters. Once you do that you can close port 23 on your
> > firewall, but keep the sshd daemon and the knockd daemon running.
> >
> > When some user wants to connect with ssh, she first issues the knock
> > command giving the host name and the three ports, which is detected on
> > the remote host, causing the firewall to open port 23 for a specified
> > period. In my case it is 10 seconds. During that time the calling
> > system issues the usual ssh or sftp command, makes connection, and the
> > connection remains alive as long as needed. However, once the 10 second
> > period expires, the firewall once again closes port 23 to any further
> > connection requests unless again preceded by the correct port sequence.
> > It is analogous to a "secret knock" on a door, as in spy movies or
> > prohibition films. Very cool.
> >
> > I connect to my system this way by issuing something like this, but
> > with the correct port numbers:
> >
> > knock hhs48.com 1234 2345 3456 ; ssh username at hhs48.com
> >
> > and it looks on the console identical to the case where port knocking is
> > not in the picture.
> >
> > What distro do you use? Can you search for "knockd" for your system?
> >
> > Ch;uck
> >
> > --
> > The Moon is Waning Gibbous (91% of Full)
> > But you can still get downloads from http://www.mhcable.com/~chuckh
> >
> > _______________________________________________
> > Speakup mailing list
> > Speakup at braille.uwo.ca
> > http://speech.braille.uwo.ca/mailman/listinfo/speakup
>
>
> _______________________________________________
> Speakup mailing list
> Speakup at braille.uwo.ca
> http://speech.braille.uwo.ca/mailman/listinfo/speakup
- --
Any society that would give up a little liberty to gain a little
security will deserve neither and lose both.
- -- Benjamin Franklin
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)
iQIVAwUBQ6g4x6e2pgKIdGq4AQr3GA/8CVhmjGkmQxCkniWRZiggFH0rSUhCH9UL
nneI63JUN44M+hQioFvAdLAHW6w11xq7oXwUP5P+p7QKIW6kyvx+lT0fZe1E6dOY
TYsmTSeF3IaXKHSKICrnKCuph2Hysh0LAKsWSQXRAzDMgNGOFRMVWKI8Cym4V4go
M3UdHN0e23BJu02ZD9FS4BumnCnFurOknwV3uCaRHc6YCGbKgSo5wVGHq9n+efBy
zc/CeQA+ofVZ4QMSiOxFlPd3xGmTyP07ZbF0tvaz8TXnELthp1iG57kLcV5Q+ID2
XxscYEUsPJAzLwcpOCoGexma8DSwzgWCtPXqoEcFhTMTXJGzE+nD9TuyPbM203yS
r5OTfnfX2euN+p3X6nVbVy9XbAx2L8iTRm0AlORiAVNLrc6x7ZRpZXhhErnqVLDj
9u7ONXFUK9Dq0RU5JbV/nT0CBC9dsq+sYJbreDNhTnNmFJIcXOB6upwc1pBKBEdt
+bF3iqvJDtl7CRuXiDPDHSiOeU+1oHXLJtYEOVoU6ZmZrzDaKZtvZccPL204jt+U
tEfByTuyODBEGYIbu7lybX5smW510oGzuWe7eZpfnkctuLzyHEfojAvfwiorbeLS
DGgqeGd7PkEzuBQ4dNkTKcvhcLE+y1voRRicb+cTEbuqZcQY8J1uXVIhtfY6lWCe
39MtSf0cStI=
=+lVs
-----END PGP SIGNATURE-----
More information about the Speakup
mailing list