Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Secure-Shell
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

SSHD and SSH Call-out via Port Knocking

from [guyverdh] Network Security [Permanent Link]
Subject: SSHD and SSH Call-out via Port Knocking
Date: 6 Sep 2005 03:11:42 -0000 
I finally took the time to flesh out an idea that I'd had for some time.  The 
idea was pretty simple, a semi-secure way of having the SSH server allow remote 
connectivity, without having an SSHD listener always on.

It took a couple of hours to write, test, re-write, re-test, etc both versions.

Both versions use a series of scripts to write numerals into a temporary file 
via knocks on specific ports.  This file is then read when one of two ports are 
knocked after having 12 digits written to the file.

One port, reads the temporary file, builds the IP address, then creates an 
iptables entry that allows the specified IP address to connect via SSH for 
approximately 30 seconds.  It then closes the SSHD daemon, and drops the 
iptables entry.

The second port, reads the temporary file, builds the IP address, then causes 
SSH to connect to the specified IP address with a backchannel defined.  This 
allows the remote client to ssh into the server via this backchannel.

Would there be any interest in seeing the sample shell scripts that I have 
written for Redhat Enterprise and SuSE Enterprise Linux?

Is this even something anyone would like to do?
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  file transfer size limit, Ben Kim
Next by Date:  AW: Logging Traffic by user @ OpenSSH 3.8.1, Miro Dietiker, MD Systems
Previous by Thread:  file transfer size limit, Ben Kim
Next by Thread:  Re: SSHD and SSH Call-out via Port Knocking, Johan De Meersman
Indexes:  [Date] [Thread] [Top] [All Lists]