similar to: Knocked port timeout...

This article describes how to implement "Port Knocking" in Shorewall. http://shorewall.net/PortKnocking.html -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key

All, A friend gave me access to an svn(+ssh) repository the other day, and told me that I needed to do some port knocking to open up ssh. It occurred to me that it would be extremely convenient if I could add a "knock" configuration option for the host to my ~/.ssh/config file and never think about this again (rather than creating a shell script to accomplish this behavior,

Hi folks Im currently doin firewall project.. the scenario is like this.. my application server open port number 3079 the server ip is 202.188.0.132. and now the port can be accessed from everywhere. Now i want to block all the everywhere accessed. But my problem is, the application will be accessed by few locations that doing transaction with the application server. and the said locations are

I haven't been keeping up with the internals, I'm afraid. Does OpenSSH have support for Port Knocking? I might be interested in looking into that, as a way of reacquainting myself with the current code base. --- Scott Neugroschl | XYPRO Technology Corporation 4100 Guardian Street | Suite 100 |Simi Valley, CA 93063 | Phone 805 583-2874|Fax 805 583-0124 |

Hi guys, I've made a patch adding LocalPreCommand to ssh_config. It mimics behaviour of LocalCommand, but is executed right before the connection is opened. This makes possible e.g. to integrate ssh with port knocking. It also removes "-oPermitLocalCommand=no" from scp allowing the same functionality to be used for file transfers. Applies cleanly on vanilla OpenSSH 6.7p1.

To radically cut down on SSH log spam you can also hide it completely behind a firewall, and allow access only by some port knocking sequence. I quite like having a process listen on port 53 and wait for a dns query containing a totp string to grant (temporary) access; that's a 2fa, and doing a "host 123456. my-ip" is easily automated in a shell script as well...

Hi all, Another Debian Etch fan here, running shorewall (shell) 3.2.6-2 (and Yes I''m going to upgrade when Lenny goes stable). I already have the SSHKnock working, as documented on the website: http://www.shorewall.net/PortKnocking.html Thanks, works great! In addition to the knock to open 22, I want to also ADD a redirect, from 2222 to 22 on an internal box. So, when I knock on 1600

Someone on this list uses the address @sedwards.com I doubt this is their actual email address as there is no MX record for sedwards.com and I can't find registration for their domain either. Part of my mail servers reject these emails because they cannot be replied to, or are likely to be spam. Every so often I get a mail from the list management to say that I've been unsubscribed

I am trying to use rsinc to tranfer my ftp directory from one server to another. I have port 22 closed off due to port knocking and I am trying to direct rsync to use another port. Unfortunately I can't seem to get it to use the specified port. Here is my command, if someone could point out my error I would appreciate it: rsync -avr --port=XXX xxx.xxx.xxx.xxx:/var/ftp /var/ftp The

Hi! I'm trying to create a custom logo for syslinux but keep bumping my head on the conversion to LSS16. The sample syslogo.png works fine so I decided to start with a known quantity by loading it into the Gimp. I cleared the canvas, color filled a blue background (0x000033) placed some yellow letters on the blue (0xffff00) and saved the file back out with the default compression. The

Hi! Today, I found an encoding bug with a new tune by me. http://www.uni-karlsruhe.de/~us87/ogg/vorbis_bassrumble_demo.rar (2.1MB) contains the original .WAV in 16bit/44.1kHz and an .OGG encoded at 350kbit/s. I found the bug when listening to the 128kbit/s version, but encoding it with that high bitrate didn't change a thing. The deep bassdrum contains a rumbling, knocking sound (the first

So I found an excellent port knocking tutorial using ONLY iptables rules that looks to be among the best I've ever seen. (warning: techno music, tough to read screen, you don't need to type it in because I post a link to script below) http://www.youtube.com/watch?v=0zFQocf7C_0 It works fabulously for simply opening a port to a locally managed service, but I can't seem to get it

I've had umpteen IPs knocking on this door yesterday. The router blocked them, so it's not a problem, but why that port? Anne -- New to KDE4? - get help from http://userbase.kde.org Just found a cool new feature? Add it to UserBase -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc:

Maurice, You say, "knocking my ssh session offline on all terminals and it blocks ssh from being able to connect again. Even restarting sshd doesn't help". Questions: * Is the network stack on the affected machine still active? (Can it reach other services or systems on the network?) * If the network is NOT reachable, does restarting the network stack make a difference? I ask

https://bugzilla.mindrot.org/show_bug.cgi?id=1808 Summary: "SetupCommand" invoked before connecting Product: Portable OpenSSH Version: 5.6p1 Platform: All OS/Version: All Status: NEW Severity: enhancement Priority: P2 Component: ssh AssignedTo: unassigned-bugs at mindrot.org

I have an rsync script that it is copying one computer (over ssh) to a shared CIFS mount on Gentoo Linux, kernel 6.3.4. The script runs for a while and then at some point quits knocking my ssh session offline on all terminals and it blocks ssh from being able to connect again. Even restarting sshd doesn?t help. Rsync has apparently killed it. I have to reboot. -------------- next part

> Someone on this list uses the address @sedwards.com > > I doubt this is their actual email address as there is no MX record for > sedwards.com and I can't find registration for their domain either. > > Part of my mail servers reject these emails because they cannot be > replied to, or are likely to be spam. > > Every so often I get a mail from the list

Hello, About the INBOX location when using maildir, in the wiki, http://wiki.dovecot.org/MailboxFormat/Maildir, I can read: " Directory Structure ~/Maildir/new, ~/Maildir/cur and ~/Maildir/tmp directories contain the messages for INBOX. The tmp directory is used during delivery, new messages arrive in new and read shall be moved to cur by the clients. " But in my Maildir, I see

Hello! I'm setting up an icecast radio station. I'll usually be broadcasting from this machine, but want to be able to make a smooth transition to an ezstream instance that I can run on the same server as the radio station. Unfortunately, my experiments haven't found a way I can make a transition without knocking off all my clients. :-( Any idea about best practices on this? --

Okay, I finally took the time to re-write the scripts that I had talked about a few threads earlier. I have 2 versions of them, and they currently work for Redhat Enterprise 4 and SuSE Enterprise 9. (using iptables, and xinetd.d) The 2 varieties are: #1 knock, to be allowed to connect from the IP address written by the knock sequence. This adds an iptable entry to allow the specified IP