[TriLUG] looking for linux solution similar to openbsd's authpf
Dewey Hylton
plug at hyltown.com
Sun Sep 15 23:29:56 EDT 2013
----- Original Message -----
> From: "Alan Porter" <porter at trilug.org>
> To: "Triangle Linux Users Group General Discussion" <trilug at trilug.org>
> Sent: Sunday, September 15, 2013 9:37:20 PM
> Subject: Re: [TriLUG] looking for linux solution similar to openbsd's authpf
>
>
> > here's the desired outcome ... by default, iptables on server X
> > blocks access to port Y. i successfully login to server X via ssh,
> > and iptables gets updated to allow me (my ip) to pass through on
> > port Y.
>
> Take a look at knockd/knock. A simple port-knocking daemon might be
> just what you're looking for.
>
> If it's the SSH service that you're trying to hide, you can add the
> client knocking sequence to every SSH connection attempt by adding a
> line to $HOME/.ssh/config.
>
> Alan

thanks, alan. very interesting, though it provides no authentication. my desire is to allow connections based on successful ssh authentication.
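
One way to get the behaviour asked for above on Linux, as an added example that is not part of the original thread: a hook run by pam_exec from sshd's PAM session stack, so the firewall opens only after ssh authentication succeeds and closes again on logout. The hook path, the tag name, the port value 8443 (standing in for "port Y") and the INPUT chain are assumptions; IPv6 clients are not handled.

```shell
#!/bin/sh
# Added example. Assumed setup, one line in /etc/pam.d/sshd:
#   session optional pam_exec.so /usr/local/sbin/ssh-fw-hook   (hypothetical path)
# pam_exec exports PAM_TYPE (open_session/close_session), PAM_RHOST, PAM_USER.
PORT="${FW_PORT:-8443}"      # "port Y": placeholder, set to the protected port
CHAIN="${FW_CHAIN:-INPUT}"   # assumed chain

# Accept only a strict dotted-quad IPv4 literal. PAM_RHOST can be a hostname
# when sshd resolves names (UseDNS yes); that must never reach iptables.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                # split on dots; input holds only digits and dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in 0?*) return 1 ;; esac   # no leading zeros
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print the iptables command for one client: insert on login, delete on logout.
# -D removes a single matching rule, so two logins from one address add two
# rules and the first logout leaves the second session's rule in place.
fw_command() {               # $1 = PAM_TYPE, $2 = client address
    valid_ipv4 "$2" || return 1
    case "$1" in
        open_session)  op=-I ;;
        close_session) op=-D ;;
        *) return 1 ;;
    esac
    printf 'iptables %s %s -s %s -p tcp --dport %s -j ACCEPT\n' \
        "$op" "$CHAIN" "$2" "$PORT"
}

# Act only when started by pam_exec (PAM_TYPE set); applying needs root.
if [ -n "${PAM_TYPE:-}" ]; then
    cmd=$(fw_command "$PAM_TYPE" "${PAM_RHOST:-}") || exit 0
    logger -t ssh-fw-hook "${PAM_USER:-?}: $cmd"
    $cmd                     # safe to word-split: address and port were validated
fi
```

Rules left behind by sessions that end without a clean close_session (for example after a reboot) are not removed by this hook and need a separate flush of the chain at startup.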