I have successfully used the examples on the shorewall.net site to implement port knocking to allow me to gain shell access to the server I control.

I am wondering how I can modify the SSHKnock script to open another port at the same time.

I am wanting to additionally open port 10000 for webmin access.

Thanks in advance
Marcus Limosani wrote:
> I have successfully used the examples on the shorewall.net site to
> implement port knocking to allow me to gain shell access to the
> server I control.
>
> I am wondering how I can modify the SSHKnock script to open another
> port at the same time.
>
> I am wanting to additionally open port 10000 for webmin access.

I recommend simply tunneling webmin over your SSH connection. When you initiate your ssh session:

    ssh -X 9000:foo.bar.com:10000 foo.bar.com

Once the ssh connection is established, you can now open port 9000 on the client system (localhost:9000 in your web browser) which will result in your being connected to port 10000 on the remote gateway.

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
Tom Eastep wrote:
> Marcus Limosani wrote:
>> I have successfully used the examples on the shorewall.net site to
>> implement port knocking to allow me to gain shell access to the
>> server I control.
>>
>> I am wondering how I can modify the SSHKnock script to open another
>> port at the same time.
>>
>> I am wanting to additionally open port 10000 for webmin access.
>
> I recommend simply tunneling webmin over your SSH connection. When you
> initiate your ssh session:
>
>     ssh -X 9000:foo.bar.com:10000 foo.bar.com

The -X should be -L:

    ssh -L 9000:foo.bar.com:10000 foo.bar.com

Although, it is legitimate to use both -X and -L:

    ssh -X -L 9000:foo.bar.com:10000 foo.bar.com

The -X option allows you to run X-based apps on the remote system; ssh tunnels X back from that system to your local X server.

-Tom
That worked a treat, very happy with that as an option.

-----Original Message-----
From: Tom Eastep [mailto:teastep@shorewall.net]
Sent: Monday, 1 June 2009 11:49 PM
To: Shorewall Users
Subject: Re: [Shorewall-users] Port Knocking

Tom Eastep wrote:
> Marcus Limosani wrote:
>> I have successfully used the examples on the shorewall.net site to
>> implement port knocking to allow me to gain shell access to the
>> server I control.
>>
>> I am wondering how I can modify the SSHKnock script to open another
>> port at the same time.
>>
>> I am wanting to additionally open port 10000 for webmin access.
>
> I recommend simply tunneling webmin over your SSH connection. When you
> initiate your ssh session:
>
>     ssh -X 9000:foo.bar.com:10000 foo.bar.com

The -X should be -L:

    ssh -L 9000:foo.bar.com:10000 foo.bar.com

Although, it is legitimate to use both -X and -L:

    ssh -X -L 9000:foo.bar.com:10000 foo.bar.com

The -X option allows you to run X-based apps on the remote system; ssh tunnels X back from that system to your local X server.

-Tom
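
Added example (not part of the original thread and not Shorewall code): the corrected -L forward from Tom Eastep's reply with the client-side listener pinned to loopback, plus a check that port 9000 is not listening on any other address. The function names are hypothetical, the listener lines are constructed sample input in the format printed by `ss -ltnH` (iproute2), and the host and ports are the ones used in the thread.

```shell
#!/bin/sh
# Added example; host and ports (foo.bar.com, 9000, 10000) come from the thread.

# Open the forward with the client listener pinned to loopback.
#   -N                        no remote command, tunnel only
#   ExitOnForwardFailure=yes  exit if port 9000 cannot be bound, instead of
#                             logging in without the forward
#   127.0.0.1:9000:...        explicit bind address, used instead of the
#                             GatewayPorts default
start_webmin_tunnel() {
    ssh -N -o ExitOnForwardFailure=yes \
        -L 127.0.0.1:9000:foo.bar.com:10000 foo.bar.com
}

# Read `ss -ltnH` output on stdin; print each local address listening on
# port $1 that is not loopback, i.e. reachable from other hosts.
non_loopback_listeners() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            host = $4; sub(/:[0-9]+$/, "", host)   # strip the ":port" suffix
            p = $4;    sub(/^.*:/, "", p)          # keep only the port
            if (p == port && host !~ /^127\./ && host != "[::1]")
                print $4
        }'
}

# Constructed sample (not captured from a real host): two loopback listeners
# on 9000, sshd on 22, and a wildcard listener on 9000 such as a forward
# started with -g would create.
SAMPLE='LISTEN 0 128 127.0.0.1:9000 0.0.0.0:*
LISTEN 0 128 [::1]:9000 [::]:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 0.0.0.0:9000 0.0.0.0:*'

# Flags only the wildcard listener on 9000.
printf '%s\n' "$SAMPLE" | non_loopback_listeners 9000
```

On a live client, run `ss -ltnH | non_loopback_listeners 9000` after starting the tunnel; empty output means the forwarded webmin port is reachable only from the client itself.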