Steve, There is a Debian package called "knockd", not sure about other distros. It comes with a port sniffing daemon and a client program. You configure the daemon by specifying a trio of ports to monitor, and a couple of timing parameters. Once you do that you can close port 23 on your firewall, but keep the sshd daemon and the knockd daemon running. When some user wants to connect with ssh, she first issues the knock command giving the host name and the three ports, which is detected on the remote host, causing the firewall to open port 23 for a specified period. In my case it is 10 seconds. During that time the calling system issues the usual ssh or sftp command, makes connection, and the connection remains alive as long as needed. However, once the 10 second period expires, the firewall once again closes port 23 to any further connection requests unless again preceded by the correct port sequence. It is analogous to a "secret knock" on a door, as in spy movies or prohibition films. Very cool. I connect to my system this way by issuing something like this, but with the correct port numbers: knock hhs48.com 1234 2345 3456 ; ssh username at hhs48.com and it looks on the console identical to the case where port knocking is not in the picture. What distro do you use? Can you search for "knockd" for your system? Ch;uck -- The Moon is Waning Gibbous (91% of Full) But you can still get downloads from http://www.mhcable.com/~chuckh
