Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision
Previous revision
tools:fwknop [2022/08/28 15:27] – [Setup] darrontools:fwknop [2023/01/20 20:16] (current) – [Server] darron
Line 4: Line 4:
  
 Port knocking is used to alter packet filter rules on a host Port knocking is used to alter packet filter rules on a host
-dependant upon a secret packet delivered to that host.+dependant upon a packet encrypted with a secret key delivered to that host.
  
 It can be used to open a normally closed port to an SSH server It can be used to open a normally closed port to an SSH server
 from a single host for a limited time duration. from a single host for a limited time duration.
  
-===Setup===+===Server===
  
 ==IPtables== ==IPtables==
Line 17: Line 17:
 </code> </code>
  
-==Server==+==FWKNOP==
  
-__Run__+==Install== 
 + 
 +<code> 
 +apt install fwknop-server 
 +</code> 
 + 
 +==Run==
 <code> <code>
 /usr/sbin/fwknopd /usr/sbin/fwknopd
 </code> </code>
  
-__access.conf__+==access.conf==
  
 <code> <code>
Line 33: Line 39:
 </code> </code>
  
-__fwknop.conf__+==fwknop.conf==
  
 <code> <code>
 PCAP_INTF eth0; PCAP_INTF eth0;
 +</code>
 +
 +===Client===
 +
 +==Install==
 +
 +<code>
 +apt install fwknop-client 
 +</code>
 +
 +==.fwknoprc==
 +
 +<code>
 +[default]
 +
 +[hostname]
 +SPA_SERVER      x.x.x.x
 +ACCESS          tcp/22
 +ALLOW_IP        resolve
 +KEY             XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
 +</code>
 +
 +==.ssh/config==
 +
 +<code>
 +Match host hostname exec "fwknop -n hostname && sleep 0.5"
 </code> </code>