Hi.
In terms of the port knocking, there are various implementations floating around afaik. http://portknocking.org is the original Perl prototype. Knockd I've heard of somewhere as well; another implementation that I think is based on the original.

On Mon, Dec 19, 2005 at 10:54:53AM -0700, Sean McMahon wrote:
> Actually ssh is usually port 22; 23 is usually telnet.
> ----- Original Message -----
> From: "Charles Hallenbeck" <chuckh at hhs48.com>
> To: <sdawes at telus.net>; "Speakup is a screen review system for Linux."
> <speakup at braille.uwo.ca>
> Sent: Sunday, December 18, 2005 11:37 AM
> Subject: Re: /etc/suauth
>
>
> > Steve,
> >
> > There is a Debian package called "knockd", not sure about other distros.
> > It comes with a port sniffing daemon and a client program. You configure
> > the daemon by specifying a trio of ports to monitor, and a couple of
> > timing parameters. Once you do that you can close port 23 on your
> > firewall, but keep the sshd daemon and the knockd daemon running.
> >
> > When some user wants to connect with ssh, she first issues the knock
> > command giving the host name and the three ports, which is detected on
> > the remote host, causing the firewall to open port 23 for a specified
> > period. In my case it is 10 seconds. During that time the calling
> > system issues the usual ssh or sftp command, makes connection, and the
> > connection remains alive as long as needed. However, once the 10 second
> > period expires, the firewall once again closes port 23 to any further
> > connection requests unless again preceded by the correct port sequence.
> > It is analogous to a "secret knock" on a door, as in spy movies or
> > prohibition films. Very cool.
> >
> > I connect to my system this way by issuing something like this, but
> > with the correct port numbers:
> >
> > knock hhs48.com 1234 2345 3456 ; ssh username@hhs48.com
> >
> > and it looks on the console identical to the case where port knocking is
> > not in the picture.
> >
> > What distro do you use? Can you search for "knockd" for your system?
> >
> > Chuck
> >
> > --
> > The Moon is Waning Gibbous (91% of Full)
> > But you can still get downloads from http://www.mhcable.com/~chuckh
> >
> > _______________________________________________
> > Speakup mailing list
> > Speakup at braille.uwo.ca
> > http://speech.braille.uwo.ca/mailman/listinfo/speakup

--
Any society that would give up a little liberty to gain a little security
will deserve neither and lose both.
-- Benjamin Franklin
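
The knock-then-connect behaviour described in the quoted message, modelled as a small state machine replayed over constructed connection attempts. This is an added example, not knockd's code and not part of the thread; the class and function names, the 5-second sequence timeout, port 22 for sshd and the sample addresses are assumptions, and the ports 1234 2345 3456 are the placeholders from the quoted command.

```python
from dataclasses import dataclass, field

@dataclass
class KnockGate:
    """Toy model of a knock daemon; gates NEW connections only (illustrative)."""
    sequence: tuple = (1234, 2345, 3456)  # placeholder ports from the quoted command
    seq_timeout: float = 5.0              # assumed: seconds allowed to finish the knock
    open_window: float = 10.0             # the 10-second window from the quoted message
    protected_port: int = 22              # assumed: sshd on its usual port
    progress: dict = field(default_factory=dict)    # src -> (knocks matched, first knock time)
    open_until: dict = field(default_factory=dict)  # src -> time the firewall closes again

    def packet(self, ts, src, dport):
        """Handle one inbound connection attempt; return knock/open/accept/drop."""
        if dport == self.protected_port:
            return "accept" if ts < self.open_until.get(src, 0.0) else "drop"
        idx, started = self.progress.get(src, (0, ts))
        if idx and ts - started > self.seq_timeout:
            idx, started = 0, ts                    # too slow: sequence starts over
        if dport != self.sequence[idx]:             # wrong port: forget progress, but
            idx, started = 0, ts                    # let it count as a fresh first knock
            if dport != self.sequence[0]:
                self.progress.pop(src, None)
                return "drop"
        idx += 1
        if idx == len(self.sequence):               # full sequence seen from this source
            self.progress.pop(src, None)
            self.open_until[src] = ts + self.open_window
            return "open"
        self.progress[src] = (idx, started)
        return "knock"

# Constructed sample events: (seconds, source address, destination port)
EVENTS = [
    (0.0, "198.51.100.7", 22),    # no knock yet
    (1.0, "198.51.100.7", 1234),
    (1.2, "198.51.100.7", 2345),
    (1.4, "198.51.100.7", 3456),  # sequence complete
    (3.0, "198.51.100.7", 22),    # inside the 10 s window
    (3.0, "203.0.113.9", 22),     # different source, never knocked
    (12.0, "198.51.100.7", 22),   # window closed at 11.4 s
    (20.0, "203.0.113.9", 1234),
    (27.0, "203.0.113.9", 2345),  # 7 s after first knock: sequence timed out
]

def replay(events):
    gate = KnockGate()
    return [gate.packet(ts, src, dport) for ts, src, dport in events]
```

The knock ports travel in the clear, so anyone able to observe the traffic can repeat the sequence; the gate narrows exposure of sshd but does not replace its authentication.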