Quote:
Originally Posted by amboxer21
Do I need to uninstall the openssh-server package and rely on knockd?
No, if you remove the SSH daemon then there's no service to connect to.
Quote:
Originally Posted by amboxer21
Maybe I am supposed to close port 22, and knockd will open port 22 when I knock with the right sequence?
Yes. The idea is to block all new connections to the port (either by the default policy of the filter table's INPUT chain or by a specific DROP rule) and have the knock daemon add an ACCEPT rule on a successful knock sequence (check with 'iptables -t filter -nL INPUT'). If this is a remote machine, it is best to add an explicit rule for the IP address or range you connect from while testing, to ensure you don't lock yourself out.
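The setup described in that reply, as an added example that is not part of the thread: a baseline ruleset with the explicit admin-host rule so you cannot lock yourself out, plus a knockd config whose start/stop commands add and remove the ACCEPT rule. ADMIN_IP, the knock sequence ports and the log path are constructed placeholder values; the functions take an optional command name (e.g. "echo") so the rules can be printed instead of applied.

```bash
#!/bin/bash
# Added example (not from the thread): iptables baseline + knockd config for
# the scheme described above. ADMIN_IP and the knock ports are constructed
# values; change them before use. Pass "echo" as $1 to print rules instead
# of applying them (applying requires root).
set -eu

ADMIN_IP="203.0.113.5"   # constructed: the address you administer from
SSH_PORT=22

# Baseline: loopback and already-established traffic pass, the admin host is
# allowed explicitly so testing cannot lock you out, and every other new
# connection hitting INPUT is dropped by the chain policy.
baseline_rules() {
    local ipt="${1:-iptables}"
    $ipt -t filter -P INPUT DROP
    $ipt -t filter -A INPUT -i lo -j ACCEPT
    $ipt -t filter -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    $ipt -t filter -A INPUT -s "$ADMIN_IP" -p tcp --dport "$SSH_PORT" -j ACCEPT
}

# knockd.conf: a correct sequence inserts an ACCEPT rule for the knocking
# source only (%IP%). cmd_timeout removes that rule again after 10 seconds;
# an SSH session opened in that window keeps working via the ESTABLISHED
# rule, but any further new connection needs a fresh knock.
knockd_conf() {
    cat <<EOF
[options]
    logfile = /var/log/knockd.log

[openSSH]
    sequence      = 7000,8000,9000
    seq_timeout   = 15
    tcpflags      = syn
    start_command = /sbin/iptables -t filter -I INPUT -s %IP% -p tcp --dport ${SSH_PORT} -j ACCEPT
    cmd_timeout   = 10
    stop_command  = /sbin/iptables -t filter -D INPUT -s %IP% -p tcp --dport ${SSH_PORT} -j ACCEPT
EOF
}

# Usage as root:  baseline_rules; knockd_conf > /etc/knockd.conf
# Then verify the chain with:  iptables -t filter -nL INPUT
```

After a test knock from another host, the same `iptables -t filter -nL INPUT` listing should briefly show the per-IP ACCEPT rule at the top of the chain and then lose it once cmd_timeout expires.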