[RossLUG] Thoughts on ssh and security.

Jonathan Archer jon at rosslug.org.uk
Wed Mar 14 22:11:01 UTC 2012


Hey James,

That's really cool, I've seen something similar used before...

I notice you are using the telnet command, I presume this is purely just
to create an opening on that particular port? Essentially anything that
will open a port would do the trick?

Might have to give that one a go...

I must say SSH is one of the best tools, so many possibilities!

Jon


On Wed, 2012-03-14 at 21:29 +0000, James Lawrie wrote:
> Hey,
> 
> While you're all talking about securing SSH, have any of you tried port 
> knocking?
> 
> The basic principle is that port 22 appears closed, but after a secret 
> "knock" of other closed ports, it opens for you.
> 
> I've written a script which I've had running on a couple of machines in 
> a screen without issue for over a year now and it works really well, 
> although it is simplistic.
> 
> It analyses iptables logs, and when it "hears" the right "knock" it adds 
> a rule to allow :22 from that IP - all other IPs are blocked by default.
> 
> The script is here: http://jdlawrie.co.uk/scripts/PortKnocker.txt and 
> the default knock is: 2000, 2001, 2002
> 
> [james@nemo ~]$ ssh root@test_host
> ssh: connect to host test_host port 22: Connection refused
> [james@nemo ~]$ telnet test_host 2000
> Trying test_host...
> telnet: connect to address test_host: Connection refused
> [james@nemo ~]$ telnet test_host 2001
> Trying test_host...
> telnet: connect to address test_host: Connection refused
> [james@nemo ~]$ telnet test_host 2002
> Trying test_host...
> telnet: connect to address test_host: Connection refused
> [james@nemo ~]$ ssh root@test_host
> root@test_host's password:
> 
> -
> James
> 
> _______________________________________________
> RossLUG mailing list
> RossLUG at rosslug.org.uk
> http://rosslug.org.uk/mailman/listinfo/rosslug_rosslug.org.uk
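A minimal detector of the kind James describes, added here as an example and not his PortKnocker script: it parses constructed iptables LOG-target lines, tracks each source address's position in the 2000, 2001, 2002 sequence, resets a source that hits the wrong port, and returns the sources that completed the knock together with the iptables command that would admit each one to port 22. The log prefix, the INPUT chain and the sample addresses are assumptions.

```python
import re
from collections import defaultdict

KNOCK_SEQUENCE = (2000, 2001, 2002)   # the default knock from James's post

# Constructed sample lines in the syslog format produced by a
# "-j LOG --log-prefix IPT-DROP:" rule sitting before the default DROP.
# 192.0.2.10 knocks correctly; 203.0.113.7 skips 2001 and is reset.
SAMPLE_LOG = """\
Mar 14 21:28:01 nemo kernel: IPT-DROP: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 PROTO=TCP SPT=51000 DPT=2000 SYN
Mar 14 21:28:02 nemo kernel: IPT-DROP: IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.5 PROTO=TCP SPT=40001 DPT=2000 SYN
Mar 14 21:28:03 nemo kernel: IPT-DROP: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 PROTO=TCP SPT=51001 DPT=2001 SYN
Mar 14 21:28:04 nemo kernel: IPT-DROP: IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.5 PROTO=TCP SPT=40002 DPT=2002 SYN
Mar 14 21:28:05 nemo kernel: IPT-DROP: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 PROTO=TCP SPT=51002 DPT=2002 SYN
"""

# Only TCP lines carry a meaningful destination port for a knock.
LOG_RE = re.compile(r"SRC=(?P<src>[\d.]+) .*?PROTO=TCP .*?DPT=(?P<dpt>\d+)")


def knock_progress(lines, sequence=KNOCK_SEQUENCE):
    """Replay log lines; return (sources that completed the knock, per-source progress)."""
    progress = defaultdict(int)   # source IP -> number of correct knocks seen so far
    opened = []
    for line in lines:
        m = LOG_RE.search(line)
        if not m:
            continue                        # not a logged TCP packet
        src, dpt = m.group("src"), int(m.group("dpt"))
        if dpt == sequence[progress[src]]:
            progress[src] += 1              # next port in order
        elif dpt == sequence[0]:
            progress[src] = 1               # a fresh first knock restarts the count
        else:
            progress[src] = 0               # any other port wipes the partial sequence
        if progress[src] == len(sequence):
            opened.append(src)
            progress[src] = 0
    return opened, dict(progress)


def allow_rule(src):
    """iptables command admitting one source to port 22 (chain name INPUT assumed)."""
    return ["iptables", "-I", "INPUT", "-p", "tcp", "-s", src, "--dport", "22", "-j", "ACCEPT"]


if __name__ == "__main__":
    for src in knock_progress(SAMPLE_LOG.splitlines())[0]:
        print(" ".join(allow_rule(src)))
```

The detector only sees a knock if the firewall actually logs packets to those ports, so the LOG rule must precede the default DROP.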
