
[solved]: web alternative to knockd for a "secure" sshd server?



On 4/21/07, Jeff D <fixedored@gmail.com> wrote:
> On Fri, 20 Apr 2007, Nick Demou wrote:
> [...]
>>
>> Any other idea of simple measures that will keep as many attackers
>> away from the one and only service that is listening to the Internet?
>> [...]
>
> I'm not sure if this fits what you are looking for or not:
> http://www.cipherdyne.org/fwknop/
>
> This does single packet authentication, you send a specially crafted packet
> to the server, through a client app though, and it opens up the firewall
> for you for a specified amount of time and closes it back up after you
> are done.

Thanks, it's what I was looking for. Although it does have the
drawback of requiring a special client to knock the server as you
noted. This, however, is the side effect of making the implementation
much more robust and not relying on security by obscurity. To be
honest I prefer the convenience of connecting without a special client
but I already thought of an easy way to make fwknop ... less secure
(always easier than the opposite :)

Thanks also, for all other advice from the list (rate limiting for
example is too easy to be left out of the scheme).
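
The following is an added example, not part of the original message and not fwknop's code or wire format: a minimal sketch of the idea discussed in this thread, where one cryptographically authenticated packet (rather than a guessable port sequence) opens the firewall for a limited time. The packet layout, the key, the time limits and the names `make_knock` and `KnockServer` are all assumptions made for illustration.

```python
import hashlib
import hmac
import os
import struct
import time

KEY = b"constructed-demo-key"  # constructed shared secret, illustration only
MAX_SKEW = 60                  # assumed tolerance for clock skew, in seconds
OPEN_SECS = 30                 # assumed time the firewall stays open

def make_knock(key, port, now=None):
    """Client side: 16-byte nonce | timestamp | port, then an HMAC-SHA256 tag."""
    ts = int(time.time() if now is None else now)
    body = os.urandom(16) + struct.pack("!QH", ts, port)
    return body + hmac.new(key, body, hashlib.sha256).digest()

class KnockServer:
    """Server side: validates one packet and tracks timed firewall openings."""

    def __init__(self, key):
        self.key = key
        self.seen = {}     # nonce -> timestamp, used to reject replays
        self.opened = {}   # (src_ip, port) -> expiry time of the opening

    def handle(self, src_ip, packet, now):
        if len(packet) != 26 + 32:
            return "drop: malformed"
        body, tag = packet[:26], packet[26:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        # Constant-time comparison: only a holder of the key passes this,
        # so observing earlier knocks does not help an eavesdropper forge one.
        if not hmac.compare_digest(tag, expected):
            return "drop: bad mac"
        nonce = body[:16]
        ts, port = struct.unpack("!QH", body[16:])
        if abs(now - ts) > MAX_SKEW:
            return "drop: stale"
        # Forget nonces whose packets could no longer pass the skew check.
        self.seen = {n: t for n, t in self.seen.items()
                     if abs(now - t) <= MAX_SKEW}
        if nonce in self.seen:
            return "drop: replay"
        self.seen[nonce] = ts
        self.opened[(src_ip, port)] = now + OPEN_SECS
        return "open"

    def allowed(self, src_ip, port, now):
        """True while the opening for this source and port has not expired."""
        return self.opened.get((src_ip, port), 0) > now
```

A captured packet replayed inside the skew window is rejected by the nonce cache, and one replayed later is rejected as stale, which is what separates this scheme from a plain port-knock sequence.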


