patch to add built-in support for port knocking
Darren Tucker
dtucker at zip.com.au
Sun Jul 16 16:35:47 EST 2006
On Sat, Jul 15, 2006 at 11:00:02AM -0400, Ryan Findley wrote:
> A friend gave me access to an svn(+ssh) repository the other day, and
> told me that I needed to do some port knocking to open up ssh. It
> occurred to me that it would be extremely convenient if I could add a
> "knock" configuration option for the host to my ~/.ssh/config file
> and never think about this again (rather than creating a shell script
> to accomplish this behavior, and remembering to use it for remote
> access and svn activity).

You can do it from ~/.ssh/config already with a ProxyCommand. Make
yourself a little shell script that does the port knocking then execs
connect or netcat, like so:

    #!/bin/sh
    # $1 = host (%h), $2 = port (%p); knock first, then hand the connection to nc
    your_portknock_command "$1" && exec /usr/bin/nc "$1" "$2"

Then, add it to ~/.ssh/config:

    Host svnserver.example.com
        ProxyCommand /usr/local/bin/portknock_connect %h %p

> After some pretty small changes to ssh.c and readconf.c, my dream is
> now a reality.
> Might I be able to convince the good people of OpenSSH to consider
> adding my changes to CVS?

It's unlikely.

--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
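
The ProxyCommand wrapper described in the reply above, written out as an added example (not code from the original message or from OpenSSH). The knock sequence 7000 8000 9000 is a constructed placeholder, the function names are hypothetical, and it assumes the server keeps the SSH port open to the knocking address for a few seconds, long enough for one probe and the real connection.

```shell
#!/bin/sh
# Added example: save as /usr/local/bin/portknock_connect and reference it as
#   ProxyCommand /usr/local/bin/portknock_connect %h %p
# KNOCK_PORTS is a constructed placeholder; use the sequence your server expects.
KNOCK_PORTS="${KNOCK_PORTS:-7000 8000 9000}"
NC="${NC:-/usr/bin/nc}"

# Accept only plain host names/addresses and numeric ports, so the values
# substituted for %h and %p can never be read as nc options.
valid_host() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9.:_-]*) return 1 ;;
        *) return 0 ;;
    esac
}
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Send one connection attempt to each knock port, in order.
knock() {
    host=$1
    for p in $KNOCK_PORTS; do
        valid_port "$p" || return 1
        # -z: connect only; -w 1: one-second timeout. Knock ports are closed,
        # so a failed connect is the expected result and is ignored.
        "$NC" -z -w 1 "$host" "$p" >/dev/null 2>&1 || true
    done
}

# Poll until host $1 accepts connections on port $2, for up to $3 attempts.
wait_open() {
    tries=${3:-5}
    while [ "$tries" -gt 0 ]; do
        "$NC" -z -w 1 "$1" "$2" >/dev/null 2>&1 && return 0
        tries=$((tries - 1))
        sleep 1
    done
    return 1
}

main() {
    valid_host "$1" && valid_port "$2" || { echo "usage: $0 host port" >&2; return 2; }
    knock "$1" && wait_open "$1" "$2" || { echo "knock failed for $1" >&2; return 1; }
    exec "$NC" "$1" "$2"
}
if [ "$#" -ge 2 ]; then main "$@"; fi
```
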