knockd – a port-knocking server – setup

knockd is a port-knocking server. It's amazing, and I feel it's an essential tool for protecting exposed ports.

Here I set up a knockd server to protect OpenSSH on Ubuntu.

#1: Install Knockd

$ sudo apt-get install knockd

Upon installation, you will get a message saying knockd is disabled.

#2: The config files need to be edited before the service is started; open the knockd.conf file:

$ sudo vim /etc/knockd.conf

This is how my file looks:

[options]
UseSyslog

[openSSH]
sequence = 7000,8000,9000
seq_timeout = 5
command = iptables -D INPUT -p tcp --dport 22 -j DROP
tcpflags = syn

[closeSSH]
sequence = 9000,8000,7000
seq_timeout = 5
command = iptables -A INPUT -p tcp --dport 22 -j DROP
tcpflags = syn

Two things to keep in mind with this config: the openSSH door removes a DROP rule, so that rule has to be in place before the first knock (add it by hand, or run the closeSSH command once), and neither command mentions the knocker's address, so a successful knock opens port 22 to every source. knockd replaces %IP% in a command with the address that completed the sequence, which lets you scope the rule to that host instead.

#3: Edit the /etc/default/knockd file to enable the service

$ sudo vim /etc/default/knockd

My file looks like this:

################################################
#
# knockd's default file, for generic sys config
#
################################################

# control if we start knockd at init or not
# 1 = start
# anything else = don't start
#
# PLEASE EDIT /etc/knockd.conf BEFORE ENABLING
START_KNOCKD=1

# command line options
KNOCKD_OPTS="-i eth1"

#4: Start the service

sudo service knockd start   # <-- start server
sudo service knockd stop    # <-- stop server
sudo service knockd restart # <-- restart server
sudo service knockd status  # <-- see server status

#5: How to use knock

From the client machine, try this (you might need to install knockd there too; the package provides the knock client):

knock -v 192.168.1.1 7000 8000 9000

You will see:

hitting tcp 192.168.1.1:7000

hitting tcp 192.168.1.1:8000

hitting tcp 192.168.1.1:9000

Voilà! Now you can ssh into the machine:

ssh ajay@192.168.1.1
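To make the knockd.conf doors and the knock sequence above concrete, here is an added, simplified model of how knockd matches incoming SYNs against each door (this is illustration code written for this post, not knockd's own source): it tracks each source's progress per door, expires a partial sequence once seq_timeout has passed since its first hit, and checks whether a door's command is scoped to the knocker with %IP%. The packet trace and the 10.0.0.x addresses are constructed, and the reset rule for a wrong port is a simplification of knockd's real behaviour.

```python
# Doors from the /etc/knockd.conf above: name -> (sequence, seq_timeout, command)
DOORS = {
    "openSSH": ((7000, 8000, 9000), 5, "iptables -D INPUT -p tcp --dport 22 -j DROP"),
    "closeSSH": ((9000, 8000, 7000), 5, "iptables -A INPUT -p tcp --dport 22 -j DROP"),
}
WATCHED_PORTS = {p for seq, _, _ in DOORS.values() for p in seq}  # knockd's capture filter


def replay(packets, doors=DOORS):
    """Run (time, src, dport) SYNs through knockd-style matching; return the doors that fired."""
    state = {}   # (src, door) -> (stage reached, time of first hit)
    fired = []   # (door, src, time, command) once a sequence completes
    for t, src, dport in packets:
        if dport not in WATCHED_PORTS:
            continue                        # other ports never reach knockd
        for name, (seq, timeout, cmd) in doors.items():
            key = (src, name)
            stage, t0 = state.get(key, (0, t))
            if stage and t - t0 > timeout:
                stage, t0 = 0, t            # seq_timeout passed: partial sequence expires
            if dport != seq[stage]:
                state.pop(key, None)        # wrong port: progress discarded (simplified)
                continue
            stage += 1
            if stage == len(seq):
                fired.append((name, src, t, cmd))
                state.pop(key, None)
            else:
                state[key] = (stage, t0)
    return fired


def limited_to_knocker(command):
    """True only if the command scopes its firewall rule to the knocker via %IP%."""
    return "%IP%" in command


# Constructed trace: 10.0.0.5 opens then closes; 10.0.0.6 knocks too slowly and fails.
SAMPLE_TRACE = [(0.0, "10.0.0.5", 7000), (1.0, "10.0.0.5", 8000), (2.0, "10.0.0.5", 9000),
                (10.0, "10.0.0.6", 7000), (17.0, "10.0.0.6", 8000), (18.0, "10.0.0.6", 9000),
                (30.0, "10.0.0.5", 9000), (31.0, "10.0.0.5", 8000), (32.0, "10.0.0.5", 7000)]

if __name__ == "__main__":
    for door, src, t, cmd in replay(SAMPLE_TRACE):
        scope = "knocker only" if limited_to_knocker(cmd) else "ALL sources"
        print(f"t={t:>4}: {src} completed {door}; runs: {cmd} (affects {scope})")
```

Running it shows only 10.0.0.5's open and close sequences firing; 10.0.0.6's second knock arrives 7 seconds after its first, past the 5-second seq_timeout, so its sequence never completes.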