feature-request: trap-door

guyverdh at mchsi.com guyverdh at mchsi.com
Wed Aug 10 00:30:05 EST 2005


Why would you place this functionality at the application layer? Why not use 
port knocking at the firewall layer?

It's a lot simpler to implement (even if you have to set it up manually via 
the services and inetd.conf files) than to change the code for sshd.

A couple of lines in an inetd.conf and services file can make an easy to use 
port knocking to open an SSHD daemon on a port the knocker specifies.  Then 
after 30 seconds, the listener closes. 

If there's interest, I can submit an example.




More information about the openssh-unix-dev mailing list
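
The inetd-based knock described in the message above could be wired up as follows. This is an added sketch, not part of the original post and not the poster's configuration: the service name `sshknock`, port 7022, the handler path and every function name are assumptions.

```shell
#!/bin/sh
# Added illustration, not the poster's setup. Assumed wiring (names, port and
# path are hypothetical):
#   /etc/services:    sshknock  7022/tcp
#   /etc/inetd.conf:  sshknock stream tcp nowait root /usr/local/sbin/ssh-knock ssh-knock --inetd
WINDOW=${WINDOW:-30}           # seconds the temporary listener stays open
SSHD=${SSHD:-/usr/sbin/sshd}   # assumed path; sshd is started by absolute path

# The knock is untrusted network input: accept only a plain decimal,
# unprivileged port with no leading zero, signs, spaces or shell characters.
valid_port() {
    case "$1" in
        ''|0*|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] || return 1
    [ "$1" -ge 1024 ] && [ "$1" -le 65535 ]
}

# Read the first line sent by the knocker and strip a trailing CR.
read_knock() {
    line=
    IFS= read -r line || [ -n "$line" ] || return 1
    printf '%s' "$line" | tr -d '\r'
}

# Start a foreground sshd on the requested port, detached from the inetd
# socket, and stop that listener when the window expires. Sessions already
# accepted run in their own sshd child processes and are not affected.
open_window() {
    "$SSHD" -D -p "$1" </dev/null >/dev/null 2>&1 &
    pid=$!
    ( sleep "$WINDOW"; kill "$pid" ) </dev/null >/dev/null 2>&1 &
}

# Returns non-zero without starting anything if the knock is malformed.
handle_knock() {
    port=$(read_knock) || return 1
    valid_port "$port" || return 1
    open_window "$port"
}

if [ "${1:-}" = "--inetd" ]; then
    handle_knock
fi
```

The knock is unauthenticated and sent in the clear, so it only keeps the listener out of routine port scans; sshd's own authentication still carries the security.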