Displaying 3 results from an estimated 3 matches for "fwknopd".
2023 Jun 11
0
Minimize sshd log clutter/spam from unauthenticated connections
...a quasi-knocking KISS solution that
> sends an unencrypted secret via a single UDP packet. Server side is
^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> realized entirely with nftables
... frankly, for that reason, I like fwknop (in my case, straight from
OS repos) better ... I'd still have to see fwknopd exit unexpectedly,
which is where a host-firewall-only mechanism on the server side would
have an advantage ...
http://www.cipherdyne.org/fwknop/
> ~# cd /etc/fwknop
> fwknop# diff access.conf.orig access.conf | sed -e '/> .*KEY/s/\t.*/\t.../'
> 204,206c204,211
> < SO...
2010 Aug 29
1
Ignorant question on pam_shield
I've seen pam_shield recommended several times
for protecting against malicious login attempts;
but I'm not quite clear if this requires one
to be already running some pam-based software?
Also, I'm running shorewall,
and would prefer a shorewall based protection,
but the advice I read on googling for this
seemed excessively complicated.
--
Timothy Murphy
e-mail: gayleard /at/
2007 Feb 19
0
Quick demo guide for SPA ( re: the port knocking thread )
...ROP instead, so that no-one knows
if sshd is running or not) (this step is optional)
#service iptables stop
#joe /etc/sysconfig/iptables
change
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
to
-A RH-Firewall-1-INPUT -j DROP
Restart the firewall
#service iptables start
Start fwknopd --debug
Leave this debug window open, and you will see the rules
that fwknop adds to the firewall.
Set up the client:
Install fwknop (the same package contains server and client
tools)
#cd /tmp
#wget http://www.cipherdyne.org/fwknop/download/fwknop-1.0.1-1.i386.rpm
#rpm -i fwknop-1.0.1-1.i386....