Actually, ssh is usually port 22; 23 is usually telnet.

----- Original Message -----
From: "Charles Hallenbeck" <chuckh@xxxxxxxxx>
To: <sdawes at telus.net>; "Speakup is a screen review system for Linux." <speakup at braille.uwo.ca>
Sent: Sunday, December 18, 2005 11:37 AM
Subject: Re: /etc/suauth

> Steve,
>
> There is a Debian package called "knockd", not sure about other distros.
> It comes with a port sniffing daemon and a client program. You configure
> the daemon by specifying a trio of ports to monitor, and a couple of
> timing parameters. Once you do that you can close port 23 on your
> firewall, but keep the sshd daemon and the knockd daemon running.
>
> When some user wants to connect with ssh, she first issues the knock
> command giving the host name and the three ports, which is detected on
> the remote host, causing the firewall to open port 23 for a specified
> period. In my case it is 10 seconds. During that time the calling
> system issues the usual ssh or sftp command, makes connection, and the
> connection remains alive as long as needed. However, once the 10 second
> period expires, the firewall once again closes port 23 to any further
> connection requests unless again preceded by the correct port sequence.
> It is analogous to a "secret knock" on a door, as in spy movies or
> prohibition films. Very cool.
>
> I connect to my system this way by issuing something like this, but
> with the correct port numbers:
>
> knock hhs48.com 1234 2345 3456 ; ssh username at hhs48.com
>
> and it looks on the console identical to the case where port knocking is
> not in the picture.
>
> What distro do you use? Can you search for "knockd" for your system?
>
> Chuck
>
> --
> The Moon is Waning Gibbous (91% of Full)
> But you can still get downloads from http://www.mhcable.com/~chuckh
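
The knock-then-connect behaviour described in the quoted message, as an added example that is not part of the original thread and is not knockd's own code: a simplified Python model of the gate, replayed over constructed connection attempts. The port sequence 1234/2345/3456 and the 10 second window come from the message; protected port 22 follows the reply, and the 5 second sequence timeout, the per-source tracking and the addresses are assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class KnockGate:
    """Simplified model of a port-knock gate; not knockd's actual code."""
    sequence: tuple            # knock ports, in the required order
    seq_timeout: float         # max seconds allowed for the whole sequence (assumed)
    open_window: float         # seconds the protected port stays open afterwards
    protected_port: int = 22   # ssh, per the reply above
    progress: dict = field(default_factory=dict)    # src -> (knocks matched, start time)
    open_until: dict = field(default_factory=dict)  # src -> time the window closes

    def packet(self, now, src, dport):
        """Return True if a new connection attempt is let through."""
        if dport == self.protected_port:
            return now < self.open_until.get(src, 0.0)
        matched, started = self.progress.pop(src, (0, now))
        if matched and now - started > self.seq_timeout:
            matched, started = 0, now          # too slow: start over
        if dport == self.sequence[matched]:
            matched += 1
        elif dport == self.sequence[0]:
            matched, started = 1, now          # wrong knock that restarts the sequence
        else:
            matched = 0                        # wrong knock: forget progress
        if matched == len(self.sequence):
            self.open_until[src] = now + self.open_window
        elif matched:
            self.progress[src] = (matched, started)
        return False                           # knock ports themselves never answer

CLIENT, OTHER = "198.51.100.7", "203.0.113.9"   # constructed documentation addresses
EVENTS = [  # constructed (time, source, destination port) connection attempts
    (0.0, CLIENT, 22),                           # no knock yet
    (1.0, CLIENT, 1234), (1.2, CLIENT, 2345), (1.4, CLIENT, 3456),
    (2.0, CLIENT, 22),                           # inside the 10 s window
    (2.5, OTHER, 22),                            # window is per source address
    (12.0, CLIENT, 22),                          # window expired at 11.4
    (20.0, CLIENT, 1234), (20.1, CLIENT, 3456), (20.2, CLIENT, 2345),
    (20.3, CLIENT, 22),                          # knocks were out of order
]

def accepted(events):
    """Replay events through a fresh gate; list the attempts that got through."""
    gate = KnockGate(sequence=(1234, 2345, 3456), seq_timeout=5.0, open_window=10.0)
    return [(t, src) for t, src, port in events if gate.packet(t, src, port)]

if __name__ == "__main__":
    print(accepted(EVENTS))
```

The model only decides whether a new connection attempt is admitted; a session already established inside the window staying alive, as the message describes, is the firewall's connection tracking and is not modelled here.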