Knock SSHD call in and SSH call out scripts
guyverdh at mchsi.com
guyverdh at mchsi.com
Tue Sep 6 13:58:28 EST 2005
Okay, I finally took the time to re-write the scripts that I had talked about
a few threads earlier.
I have 2 versions of them, and they currently work for Redhat Enterprise 4 and
SuSE Enterprise 9. (using iptables, and xinetd.d)
The 2 varieties are:
#1 knock, to be allowed to connect from the IP address written by the knock
sequence. This adds an iptable entry to allow the specified IP address to
connect to specified knock ssh port (I used 32022 for my example), opens a
listener for 30 seconds, then kills the listener and drops the iptable entry.
#2 knock, to have the server ssh to the IP address specified, to open a back
channel into the servers ssh daemon. This allows the knocking client to
connect to the server over the R mapped port (I used 2022 for my example).
The nice thing about this, is that the reverse mapping stays open until you
kill the ssh connection.
Now, my question is, where would be a good place to write this up, and share
my sample scripts?
Is there even any interest in this?
Thanks for your time.
More information about the openssh-unix-dev
mailing list