Displaying 20 results from an estimated 5000 matches similar to: "Knocked port timeout..."
2005 May 12
12
New Article at Shorewall.net
This article describes how to implement "Port Knocking" in Shorewall.
http://shorewall.net/PortKnocking.html
-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
2006 Jul 15
1
patch to add built-in support for port knocking
All,
A friend gave me access to an svn(+ssh) repository the other day, and
told me that I needed to do some port knocking to open up ssh. It
occurred to me that it would be extremely convenient if I could add a
"knock" configuration option for the host to my ~/.ssh/config file
and never think about this again (rather than creating a shell script
to accomplish this behavior,
2006 Jan 31
24
Need help and advised
Hi folks
I'm currently doing a firewall project. The scenario is like this: my
application server opens port number 3079; the server IP is 202.188.0.132, and
now the port can be accessed from everywhere. Now I want to block all
access from everywhere. But my problem is, the application will be accessed by
a few locations that do transactions with the application server, and the
said locations are
2013 Sep 24
1
Port Knocking?
I haven't been keeping up with the internals, I'm afraid. Does OpenSSH have support for Port Knocking?
I might be interested in looking into that, as a way of reacquainting myself with the current code base.
---
Scott Neugroschl | XYPRO Technology Corporation
4100 Guardian Street | Suite 100 |Simi Valley, CA 93063 | Phone 805 583-2874|Fax 805 583-0124 |
2014 Dec 21
2
[PATCH] LocalPreCommand: Support for executing command before ssh connection (like port knock before ssh)
Hi guys,
I've made a patch adding LocalPreCommand to ssh_config. It mimics
behaviour of LocalCommand, but is executed right before the connection
is opened. This makes possible e.g. to integrate ssh with port
knocking. It also removes "-oPermitLocalCommand=no" from scp allowing
the same functionality to be used for file transfers.
Applies cleanly on vanilla OpenSSH 6.7p1.
2023 Mar 19
1
Minimize sshd log clutter/spam from unauthenticated connections
To radically cut down on SSH log spam you can also hide it completely behind a firewall, and allow access only by some port knocking sequence.
I quite like having a process listen on port 53 and wait for a dns query containing a totp string to grant (temporary) access; that's a 2fa, and doing a "host 123456. my-ip" is easily automated in a shell script as well...
2008 Jun 18
8
Expanding SSHKnock shell script, a few questions please
Hi all,
Another Debian Etch fan here, running shorewall (shell) 3.2.6-2 (and Yes I'm going to upgrade when Lenny goes stable).
I already have the SSHKnock working, as documented on the website:
http://www.shorewall.net/PortKnocking.html
Thanks, works great!
In addition to the knock to open 22, I want to also ADD a redirect, from 2222 to 22 on an internal box. So, when I knock on 1600
2015 Jun 03
3
sedwards@sedwards.com causes me to be knocked off the list
Someone on this list uses the address @sedwards.com
I doubt this is their actual email address as there is no MX record for
sedwards.com and I can't find registration for their domain either.
Part of my mail servers reject these emails because they cannot be
replied to, or are likely to be spam.
Every so often I get a mail from the list management to say that I've
been unsubscribed
2005 Dec 09
4
rsync to a port other than 22
I am trying to use rsync to transfer my ftp directory from one server to
another. I have port 22 closed off due to port knocking and I am trying
to direct rsync to use another port. Unfortunately I can't seem to get
it to use the specified port. Here is my command, if someone could
point out my error I would appreciate it:
rsync -avr --port=XXX xxx.xxx.xxx.xxx:/var/ftp /var/ftp
The
2003 Apr 11
2
Making logos...
Hi!
I'm trying to create a custom logo for syslinux but keep bumping my head
on the conversion to LSS16. The sample syslogo.png works fine so I
decided to start with a known quantity by loading it into the Gimp.
I cleared the canvas, color filled a blue background (0x000033) placed
some yellow letters on the blue (0xffff00) and saved the file back out
with the default compression. The
2001 Mar 17
2
Beta4 artifact/bug in the bass area
Hi!
Today, I found an encoding bug with a new tune by me.
http://www.uni-karlsruhe.de/~us87/ogg/vorbis_bassrumble_demo.rar (2.1MB)
contains the original .WAV in 16bit/44.1kHz and an .OGG encoded at
350kbit/s. I found the bug when listening to the 128kbit/s version, but
encoding it with that high bitrate didn't change a thing.
The deep bassdrum contains a rumbling, knocking sound (the first
2013 Oct 10
0
Port knocking and DNAT rules
So I found an excellent port knocking tutorial using ONLY iptables rules
that looks to be among the best I've ever seen. (warning: techno music,
tough to read screen, you don't need to type it in because I post a link
to script below)
http://www.youtube.com/watch?v=0zFQocf7C_0
It works fabulously for simply opening a port to a locally managed
service, but I can't seem to get it
2009 Apr 06
3
What's special about port 19842?
I've had umpteen IPs knocking on this door yesterday. The router blocked
them, so it's not a problem, but why that port?
Anne
--
New to KDE4? - get help from http://userbase.kde.org
Just found a cool new feature? Add it to UserBase
2023 Jun 03
1
What could cause rsync to kill ssh?
Maurice,
You say, "knocking my ssh session offline on all terminals and it blocks
ssh from being able to connect again. Even restarting sshd doesn't help".
Questions:
* Is the network stack on the affected machine still active? (Can it
reach other services or systems on the network?)
* If the network is NOT reachable, does restarting the network stack
make a difference?
I ask
2010 Aug 23
3
[Bug 1808] New: "SetupCommand" invoked before connecting
https://bugzilla.mindrot.org/show_bug.cgi?id=1808
Summary: "SetupCommand" invoked before connecting
Product: Portable OpenSSH
Version: 5.6p1
Platform: All
OS/Version: All
Status: NEW
Severity: enhancement
Priority: P2
Component: ssh
AssignedTo: unassigned-bugs at mindrot.org
2023 Jun 03
3
What could cause rsync to kill ssh?
I have an rsync script that is copying one computer (over ssh) to a shared CIFS mount on Gentoo Linux, kernel 6.3.4. The script runs for a while and then at some point quits, knocking my ssh session offline on all terminals, and it blocks ssh from being able to connect again. Even restarting sshd doesn't help. Rsync has apparently killed it. I have to reboot.
2015 Jun 03
0
sedwards@sedwards.com causes me to be knocked off the list
> Someone on this list uses the address @sedwards.com
>
> I doubt this is their actual email address as there is no MX record for
> sedwards.com and I can't find registration for their domain either.
>
> Part of my mail servers reject these emails because they cannot be
> replied to, or are likely to be spam.
>
> Every so often I get a mail from the list
2009 Feb 06
3
Maildir structure question
Hello,
About the INBOX location when using maildir, in the wiki,
http://wiki.dovecot.org/MailboxFormat/Maildir, I can read:
"
Directory Structure
~/Maildir/new, ~/Maildir/cur and ~/Maildir/tmp directories contain
the messages for INBOX. The tmp directory is used during delivery, new
messages arrive in new and read shall be moved to cur by the clients.
"
But in my Maildir, I see
2012 Jan 31
4
Making a smooth transition between sources?
Hello!
I'm setting up an icecast radio station. I'll usually be broadcasting from
this machine, but want to be able to make a smooth transition to an
ezstream instance that I can run on the same server as the radio station.
Unfortunately, my experiments haven't found a way I can make a transition
without knocking off all my clients. :-(
Any idea about best practices on this?
--
2005 Sep 06
0
Knock SSHD call in and SSH call out scripts
Okay, I finally took the time to re-write the scripts that I had talked about
a few threads earlier.
I have 2 versions of them, and they currently work for Redhat Enterprise 4 and
SuSE Enterprise 9. (using iptables, and xinetd.d)
The 2 varieties are:
#1 knock, to be allowed to connect from the IP address written by the knock
sequence. This adds an iptable entry to allow the specified IP