From mboxrd@z Thu Jan  1 00:00:00 1970
Date: Tue, 20 Dec 2005 12:00:55 -0500
From: Igor Gueths
To: Sean McMahon , "Speakup is a screen review system for Linux."
Message-ID: <20051220170055.GA13986@lava-net.com>
References: <20051218183748.GA22729@hhs48.com> <002501c604c5$50f2ddc0$77ac7682@azwaterDOM.wr.usgs.gov>
In-Reply-To: <002501c604c5$50f2ddc0$77ac7682@azwaterDOM.wr.usgs.gov>
Subject: Re: /etc/suauth

Hi. In terms of the port knocking, there are various implementations
floating around afaik. http://portknocking.org is the original Perl
prototype. Knockd I've heard of somewhere as well; another implementation
that I think is based on the original.

On Mon, Dec 19, 2005 at 10:54:53AM -0700, Sean McMahon wrote:
> Actually ssh is usually port 22; 23 is usually telnet.
> ----- Original Message -----
> From: "Charles Hallenbeck"
> To: ; "Speakup is a screen review system for Linux."
> Sent: Sunday, December 18, 2005 11:37 AM
> Subject: Re: /etc/suauth
>
>
> > Steve,
> >
> > There is a Debian package called "knockd", not sure about other distros.
> > It comes with a port sniffing daemon and a client program. You configure
> > the daemon by specifying a trio of ports to monitor, and a couple of
> > timing parameters. Once you do that you can close port 23 on your
> > firewall, but keep the sshd daemon and the knockd daemon running.
> >
> > When some user wants to connect with ssh, she first issues the knock
> > command giving the host name and the three ports, which is detected on
> > the remote host, causing the firewall to open port 23 for a specified
> > period. In my case it is 10 seconds. During that time the calling
> > system issues the usual ssh or sftp command, makes connection, and the
> > connection remains alive as long as needed. However, once the 10 second
> > period expires, the firewall once again closes port 23 to any further
> > connection requests unless again preceded by the correct port sequence.
> > It is analogous to a "secret knock" on a door, as in spy movies or
> > prohibition films. Very cool.
> >
> > I connect to my system this way by issuing something like this, but
> > with the correct port numbers:
> >
> > knock hhs48.com 1234 2345 3456 ; ssh username@hhs48.com
> >
> > and it looks on the console identical to the case where port knocking is
> > not in the picture.
> >
> > What distro do you use? Can you search for "knockd" for your system?
> >
> > Chuck
> >
> > --
> > The Moon is Waning Gibbous (91% of Full)
> > But you can still get downloads from http://www.mhcable.com/~chuckh

--
Any society that would give up a little liberty to gain a little security
will deserve neither and lose both.
-- Benjamin Franklin
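
The knock detection described in the quoted message, modelled as a small state machine. This is an added example, not knockd's code and not something posted in the thread. The class and function names, the per-source-address window and the 5 second sequence timeout are assumptions; the three ports and the 10 second window are the placeholder values from the quoted message, and the sample traffic is constructed.

```python
from dataclasses import dataclass, field

@dataclass
class KnockGate:
    """Toy model of a knock daemon; each source address is tracked separately."""
    sequence: tuple        # ports that must be hit, in order
    seq_timeout: float     # seconds allowed for the whole sequence (assumed value)
    open_seconds: float    # how long new connections are accepted afterwards
    _progress: dict = field(default_factory=dict)    # ip -> (ports matched, start time)
    _open_until: dict = field(default_factory=dict)  # ip -> window expiry time

    def knock(self, ip, port, now):
        """Record one knock; return True when it completes the sequence."""
        matched, started = self._progress.get(ip, (0, now))
        if matched == 0 or now - started > self.seq_timeout:
            matched, started = 0, now          # fresh attempt, or sequence too slow
        if port == self.sequence[matched]:
            matched += 1
        elif port == self.sequence[0]:
            matched, started = 1, now          # wrong port that restarts the sequence
        else:
            matched = 0                        # wrong port: forget progress
        if matched == len(self.sequence):
            self._progress.pop(ip, None)
            self._open_until[ip] = now + self.open_seconds
            return True
        self._progress[ip] = (matched, started)
        return False

    def allows_new_connection(self, ip, now):
        """Only new connections are gated; established ones are not modelled."""
        return now < self._open_until.get(ip, float("-inf"))

def replay(gate, events):
    """Feed (time, ip, port) knocks to the gate; return [(time, ip)] of openings."""
    return [(t, ip) for t, ip, port in events if gate.knock(ip, port, t)]

# Constructed sample traffic: correct knock, wrong order, correct order but too slow.
EVENTS = [
    (0.0, "192.0.2.10", 1234), (0.4, "192.0.2.10", 2345), (0.8, "192.0.2.10", 3456),
    (1.0, "198.51.100.7", 1234), (1.2, "198.51.100.7", 3456), (1.4, "198.51.100.7", 2345),
    (2.0, "203.0.113.5", 1234), (5.0, "203.0.113.5", 2345), (8.0, "203.0.113.5", 3456),
]

if __name__ == "__main__":
    gate = KnockGate((1234, 2345, 3456), seq_timeout=5.0, open_seconds=10.0)
    print(replay(gate, EVENTS))
    print(gate.allows_new_connection("192.0.2.10", 5.0))
    print(gate.allows_new_connection("192.0.2.10", 11.0))
```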