Displaying 3 results from an estimated 3 matches for "port_knock".

2024 Jul 04
1
Request for a Lockdown option
...ock server to do the I/O plus sh(1)ell based client which can do .. whatever. The whitelist default whitelists the source IP for 30 seconds.

  836 0% 1 0% /root/port-knock-server PORT-NUMBER /root/bin/port-knock-client.sh

But it "integrates" into and relies upon the firewall via

  # port_knock: input only server
  if [ -n "${SERVER}" ] && fwcore_has_i port_knock; then
    : ${FWCORE_PORT_KNOCK:?port_knock in FWCORE_IPROTOS needs FWCORE_PORT_KNOCK}
    if ipaddr_split ap "${FWCORE_PORT_KNOCK}"; then
      add_rule -p udp --dport...
2024 Jul 14
2
Request for a Lockdown option
...pubkey (base64) + LF
2. LF (gives us room to place a NUL upon receive)
3. SSH signature cipher-encrypted with password in 1. (base64) + LF

I.e., after placing some SSH principals in /tmp/.Zsigs,

  cd /tmp/
  gcc -o ./zt ./s-port-knock-bin.c
  ./s-port-knock.sh create-server-key .Zkey

we can do

  PORT_KNOCK_BIN=/tmp/zt ./s-port-knock.sh \
    start-server -v 45045 \
    /tmp/s-port-knock.sh /tmp/.Zkey-pri.pem /tmp/.Zsigs

and in another window

  PORT_KNOCK_BIN=/tmp/zt ./s-port-knock.sh \
    knock localhost 45045 .Zkey-pub.pem SOME-PUB-SSH-KEY

and if that key is in .Zsigs it works. One can create a...
2024 Jul 04
4
Request for a Lockdown option
Jochen Bern <Jochen.Bern at binect.de> writes:
> (And since you mention "port knocking", I'd like to repeat how fond I
> am of upgrading that original concept to a single-packet
> crypto-armored implementation like fwknop.)

I am reluctantly considering using some kind of port knocking mechanism on some machines, however I really don't want to carry around shared