Knock SSHD call in and SSH call out scripts

guyverdh at mchsi.com guyverdh at mchsi.com
Tue Sep 6 13:58:28 EST 2005


Okay, I finally took the time to re-write the scripts that I had talked about 
a few threads earlier.

I have 2 versions of them, and they currently work for Redhat Enterprise 4 and 
SuSE Enterprise 9.  (using iptables, and xinetd.d)

The 2 varieties are:
#1 knock, to be allowed to connect from the IP address written by the knock 
sequence.  This adds an iptable entry to allow the specified IP address to 
connect to specified knock ssh port (I used 32022 for my example), opens a 
listener for 30 seconds, then kills the listener and drops the iptable entry.

#2 knock, to have the server ssh to the IP address specified, to open a back 
channel into the server's ssh daemon.  This allows the knocking client to 
connect to the server over the R mapped port (I used 2022 for my example).  
The nice thing about this is that the reverse mapping stays open until you 
kill the ssh connection.

Now, my question is, where would be a good place to write this up, and share 
my sample scripts?

Is there even any interest in this?

Thanks for your time.
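A shell version of the #1 knock handler described above, added here as an illustration and not one of the author's scripts. It assumes xinetd is bound to the knock port and runs this file with server_args = serve (xinetd exports the knocker's address as REMOTE_HOST), that sshd and iptables live at their usual paths, and that the base firewall already drops unsolicited traffic to port 32022.

```shell
#!/bin/sh
# Constructed example of the "#1 knock" variant: xinetd listens on the knock
# port and runs this script as the service; xinetd exports the knocker's
# address as REMOTE_HOST. Assumed xinetd stanza: server = /path/to/this,
# server_args = serve, and an INPUT chain that drops port 32022 by default.
SSH_PORT="${SSH_PORT:-32022}"   # the knock-opened sshd port from the post
WINDOW="${WINDOW:-30}"          # seconds the listener stays up

# Accept only a well-formed dotted-quad IPv4 address; anything else is
# refused so REMOTE_HOST can never smuggle extra iptables arguments.
valid_ipv4() {
  ip=$1
  case $ip in
    ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
  esac
  old_ifs=$IFS; IFS=.; set -- $ip; IFS=$old_ifs
  [ $# -eq 4 ] || return 1
  for octet in "$@"; do
    [ "$octet" -le 255 ] || return 1
  done
  return 0
}

# Build the iptables rule body for one source address (pure, so it is testable).
allow_rule() {
  printf '%s' "INPUT -p tcp -s $1 --dport $2 -m state --state NEW -j ACCEPT"
}

# Insert the rule, run a dedicated sshd on the knock port for WINDOW seconds,
# then stop that listener and remove the rule. Established sessions are
# separate sshd children, so they survive the listener being killed.
open_window() {
  rule=$(allow_rule "$1" "$SSH_PORT")
  trap 'kill "$sshd_pid" 2>/dev/null; iptables -D $rule' EXIT  # always clean up
  iptables -I $rule
  /usr/sbin/sshd -D -p "$SSH_PORT" &   # -D keeps it in the foreground so $! is the listener
  sshd_pid=$!
  sleep "$WINDOW"
}

case "${1:-}" in
  serve)
    if valid_ipv4 "${REMOTE_HOST:-}"; then
      open_window "$REMOTE_HOST"
    else
      logger -t knock "rejected knock from '${REMOTE_HOST:-unset}'"
      exit 1
    fi ;;
esac
```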




More information about the openssh-unix-dev mailing list