Differences
This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revision | ||
tools:fwknop [2022/08/28 15:22] – darron | tools:fwknop [2023/01/20 20:16] (current) – [Server] darron | ||
---|---|---|---|
Line 4: | Line 4: | ||
Port knocking is used to alter packet filter rules on a host | Port knocking is used to alter packet filter rules on a host | ||
- | dependant upon a secret | + | dependant upon a packet |
- | It can be used to open a port to an SSH server from a single | + | It can be used to open a normally closed |
- | host. This opening will occur for a limited time period to | + | from a single host for a limited time duration. |
- | allow authentication. After a fixed duration. | + | |
- | to world as previously. | + | ===Server=== |
+ | |||
+ | ==IPtables== | ||
+ | |||
+ | < | ||
+ | iptables -t filter -A INPUT -i eth0 -p tcp --syn --destination-port 22 -j REJECT --reject-with icmp-port-unreachable | ||
+ | </ | ||
+ | |||
+ | ==FWKNOP== | ||
+ | |||
+ | ==Install== | ||
+ | |||
+ | < | ||
+ | apt install fwknop-server | ||
+ | </ | ||
+ | |||
+ | ==Run== | ||
+ | < | ||
+ | / | ||
+ | </ | ||
+ | |||
+ | ==access.conf== | ||
+ | |||
+ | < | ||
+ | SOURCE: ANY | ||
+ | OPEN_PORTS: tcp/22 | ||
+ | KEY: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX | ||
+ | FW_ACCESS_TIMEOUT: | ||
+ | </ | ||
+ | |||
+ | ==fwknop.conf== | ||
+ | |||
+ | < | ||
+ | PCAP_INTF eth0; | ||
+ | </ | ||
+ | |||
+ | ===Client=== | ||
+ | |||
+ | ==Install== | ||
+ | |||
+ | < | ||
+ | apt install fwknop-client | ||
+ | </ | ||
+ | |||
+ | ==.fwknoprc== | ||
+ | |||
+ | < | ||
+ | [default] | ||
+ | |||
+ | [hostname] | ||
+ | SPA_SERVER | ||
+ | ACCESS | ||
+ | ALLOW_IP | ||
+ | KEY | ||
+ | </ | ||
+ | |||
+ | ==.ssh/ | ||
+ | |||
+ | < | ||
+ | Match host hostname exec " | ||
+ | </ | ||
===Resources=== | ===Resources=== | ||
[[https:// | [[https:// |