LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Security (http://www.linuxquestions.org/questions/linux-security-4/)
-   -   knockd questions (http://www.linuxquestions.org/questions/linux-security-4/knockd-questions-4175435413/)

amboxer21 11-03-2012 02:30 AM

knockd questions
 
I have a few questions about knockd for Lubuntu. I installed the openssh-server package and have an open port. It makes me uneasy and I want to take a little extra precautions!

I installed knockd and I still see port 22 open. So the question is, do i need to uninstall the openssh-server package an rely on knockd? Maybe I am supposed to close port 22 and knockd will open port 22 when I knck with the right sequnce?? Can any one shine some light on this for me?

Thanks!

unSpawn 11-03-2012 10:31 AM

Quote:

Originally Posted by amboxer21 (Post 4821226)
do i need to uninstall the openssh-server package an rely on knockd?

No, if you remove the SSH daemon then there's no service to connect to.


Quote:

Originally Posted by amboxer21 (Post 4821226)
Maybe I am supposed to close port 22 and knockd will open port 22 when I knck with the right sequnce?

Yes. The idea is to block all new connections to the port (either by default filter table INPUT chain policy or specific drop rule) and have the knock daemon add an accept rule on successful knock sequence (check with 'iptables -t filter -nL INPUT'). If this is a remote machine then best add an explicit rule for the IP address or range you connect from while testing to ensure you don't lock yourself out.


All times are GMT -5. The time now is 03:51 AM.