Displaying 20 results from an estimated 20000 matches similar to: "Knock SSHD call in and SSH call out scripts"
2014 Dec 21
2
[PATCH] LocalPreCommand: Support for executing command before ssh connection (like port knock before ssh)
Hi guys,
I've made a patch adding LocalPreCommand to ssh_config. It mimics
behaviour of LocalCommand, but is executed right before the connection
is opened. This makes it possible e.g. to integrate ssh with port
knocking. It also removes "-oPermitLocalCommand=no" from scp allowing
the same functionality to be used for file transfers.
Applies cleanly on vanilla OpenSSH 6.7p1.
2024 Aug 14
3
[Bug 3717] New: Stricter sshd absolute path requirement breaks xinetd
https://bugzilla.mindrot.org/show_bug.cgi?id=3717
Bug ID: 3717
Summary: Stricter sshd absolute path requirement breaks xinetd
Product: Portable OpenSSH
Version: 9.8p1
Hardware: All
OS: All
Status: NEW
Severity: normal
Priority: P5
Component: sshd
Assignee: unassigned-bugs at
2006 Jul 24
0
[Feature Suggestion] ~/.ssh/config pre-connect hook
Hi,
in port knocking setups, it would be great to have the possibility to
execute a shell command before the ssh connection is actually
initiated. That way, one could configure ssh like
host foo
hostname foo.bar.example
user baz
pre-connect knock foo.bar.example 1234 5678
and transparently initiate the connection by saying ssh foo. ssh would
then first invoke the knock process and then initiate
2009 Dec 14
2
Manual Chains Knock.pm DNAT-
I am attempting to use the Knock.pm from
http://www.shorewall.net/ManualChains.html
I am not having much luck making the DNAT- knock work for some reason.
Anyone else using this on 4.4.4 that can verify if this still works as
documented?
Thanks
2006 Jul 15
1
patch to add built-in support for port knocking
All,
A friend gave me access to an svn(+ssh) repository the other day, and
told me that I needed to do some port knocking to open up ssh. It
occurred to me that it would be extremely convenient if I could add a
"knock" configuration option for the host to my ~/.ssh/config file
and never think about this again (rather than creating a shell script
to accomplish this behavior,
2024 Jul 07
1
Request for a Lockdown option
Steffen Nurpmeso wrote in
<20240704180538.iV4uex29 at steffen%sdaoden.eu>:
|Simon Josefsson wrote in
| <87jzi1fg24.fsf at kaka.sjd.se>:
||Jochen Bern <Jochen.Bern at binect.de> writes:
||> (And since you mention "port knocking", I'd like to repeat how fond I
||> am of upgrading that original concept to a single-packet
||> crypto-armored
2007 Feb 19
0
Quick demo guide for SPA ( re: the port knocking thread )
For what it's worth to those who want to play with SPA, here
is a demo I whipped up. It is very easy to set up, and I
almost guarantee anyone can get this running.
What we will demonstrate:
Basically: An SPA demo.
Requirements: Very little - a minimal setup of centos.
This setup will demonstrate a client who initially cannot
connect to an ssh port on the server (the server is
DROPing
2024 Jul 04
1
Request for a Lockdown option
Simon Josefsson wrote in
<87jzi1fg24.fsf at kaka.sjd.se>:
|Jochen Bern <Jochen.Bern at binect.de> writes:
|> (And since you mention "port knocking", I'd like to repeat how fond I
|> am of upgrading that original concept to a single-packet
|> crypto-armored implementation like fwknop.)
|
|I am reluctantly considering to use some kind of port knocking
2023 Mar 19
1
Minimize sshd log clutter/spam from unauthenticated connections
To radically cut down on SSH log spam you can also hide it completely behind a firewall, and allow access only by some port knocking sequence.
I quite like having a process listen on port 53 and wait for a dns query containing a totp string to grant (temporary) access; that's a 2fa, and doing a "host 123456. my-ip" is easily automated in a shell script as well...
2004 Sep 27
7
X100P knock-off price jump
Anyone know why the knock-off X100p prices have jumped?
-Nate
2024 Jul 14
2
Request for a Lockdown option
P.S.:
Steffen Nurpmeso wrote in
<20240707025234.j3oUaPFH at steffen%sdaoden.eu>:
|Steffen Nurpmeso wrote in
| <20240704180538.iV4uex29 at steffen%sdaoden.eu>:
||Simon Josefsson wrote in
|| <87jzi1fg24.fsf at kaka.sjd.se>:
|||Jochen Bern <Jochen.Bern at binect.de> writes:
|||> (And since you mention "port knocking", I'd like to repeat how fond I
2013 Sep 24
1
Port Knocking?
I haven't been keeping up with the internals, I'm afraid. Does OpenSSH have support for Port Knocking?
I might be interested in looking into that, as a way of reacquainting myself with the current code base.
---
Scott Neugroschl | XYPRO Technology Corporation
4100 Guardian Street | Suite 100 |Simi Valley, CA 93063 | Phone 805 583-2874|Fax 805 583-0124 |
2024 Sep 06
9
[Bug 3729] New: the new sshd does not work under the supervision of inetd
https://bugzilla.mindrot.org/show_bug.cgi?id=3729
Bug ID: 3729
Summary: the new sshd does not work under the supervision of
inetd
Product: Portable OpenSSH
Version: 9.8p1
Hardware: ARM
OS: Linux
Status: NEW
Severity: major
Priority: P5
Component: sshd
2013 Oct 10
0
Port knocking and DNAT rules
So I found an excellent port knocking tutorial using ONLY iptables rules
that looks to be among the best I've ever seen. (warning: techno music,
tough to read screen, you don't need to type it in because I post a link
to script below)
http://www.youtube.com/watch?v=0zFQocf7C_0
It works fabulously for simply opening a port to a locally managed
service, but I can't seem to get it
2005 Jun 26
1
Knocked port timeout...
I've been using the port knocking technique described in the Shorewall
docs to control ssh access on one of our servers:
http://www.shorewall.net/PortKnocking.html
It works great, but occasionally one of the admins forgets to perform
the close port operation. This leaves ssh open to the world until one
of us notices.
I've considered adding a cron job to close the port every
2023 Jun 03
1
What could cause rsync to kill ssh?
Maurice,
You say, "knocking my ssh session offline on all terminals and it blocks
ssh from being able to connect again. Even restarting sshd doesn't help".
Questions:
* Is the network stack on the affected machine still active? (Can it
reach other services or systems on the network?)
* If the network is NOT reachable, does restarting the network stack
make a difference?
I ask
2003 Sep 15
3
X100P & T100P knock-off boards
Do they fall under FCC certification if they're built to the same
specifications as the ones from Digium? If I build my own T100Ps from the
schematics and board layouts that are available, are they legal to plug
into the PSTN?
2023 Jun 03
3
What could cause rsync to kill ssh?
I have an rsync script that it is copying one computer (over ssh) to a shared CIFS mount on Gentoo Linux, kernel 6.3.4. The script runs for a while and then at some point quits knocking my ssh session offline on all terminals and it blocks ssh from being able to connect again. Even restarting sshd doesn't help. Rsync has apparently killed it. I have to reboot.
2017 Nov 27
1
Failed attempts
And if you're really security conscious consider using port knocking (knock server - amazingly easy to set up. Or use fwknop, a little more difficult to set up but not much. Finally, for the hard core who really like pain - write the iptables rules yourself).
----- Original Message -----
From: "Pete Biggs" <pete at biggs.org.uk>
To: "centos" <centos at
2006 Dec 28
6
tftp times out
tftp keeps timing out when I try to transfer files. I intend to use tftp with G4U to clone
a standard workstation. I am testing it between two Dell poweredge servers running CentOS
4.3. "chkconfig --list |grep tftp" shows tftp up and running on both boxes. When connected
"tftp>status" shows it is talking to the other box
"tptp>trace" shows "sent WRQ