Displaying 3 results from an estimated 3 matches for "port_knock".
2024 Jul 04
1
Request for a Lockdown option
...ock server
to do the I/O plus sh(1)ell based client which can do .. whatever.
The whitelist default whitelists the source IP for 30 seconds.
836 0% 1 0% /root/port-knock-server PORT-NUMBER /root/bin/port-knock-client.sh
But it "integrates" into and relies upon the firewall via
# port_knock: input only server
if [ -n "${SERVER}" ] && fwcore_has_i port_knock; then
: ${FWCORE_PORT_KNOCK:?port_knock in FWCORE_IPROTOS needs FWCORE_PORT_KNOCK}
if ipaddr_split ap "${FWCORE_PORT_KNOCK}"; then
add_rule -p udp --dport...
2024 Jul 14
2
Request for a Lockdown option
...pubkey (base64) + LF
2. LF (gives us room to place a NUL upon receive)
3. SSH signature cipher-encrypted with password in 1. (base64) + LF
I.e. after placing some SSH principals in /tmp/.Zsigs,
cd /tmp/
gcc -o ./zt ./s-port-knock-bin.c
./s-port-knock.sh create-server-key .Zkey
we can do
PORT_KNOCK_BIN=/tmp/zt ./s-port-knock.sh \
start-server -v 45045 \
/tmp/s-port-knock.sh /tmp/.Zkey-pri.pem /tmp/.Zsigs
and in another window
PORT_KNOCK_BIN=/tmp/zt ./s-port-knock.sh \
knock localhost 45045 .Zkey-pub.pem SOME-PUB-SSH-KEY
and if that key is in .Zsigs it works.
One can create a...
2024 Jul 04
4
Request for a Lockdown option
Jochen Bern <Jochen.Bern at binect.de> writes:
> (And since you mention "port knocking", I'd like to repeat how fond I
> am of upgrading that original concept to a single-packet
> crypto-armored implementation like fwknop.)
I am reluctantly considering using some kind of port knocking mechanism
on some machines, however I really don't want to carry around shared