knockd questions

amboxer21 · 11-03-2012, 01:30 AM

I have a few questions about knockd for Lubuntu. I installed the openssh-server package and have an open port. It makes me uneasy and I want to take a little extra precautions!

I installed knockd and I still see port 22 open. So the question is, do i need to uninstall the openssh-server package an rely on knockd? Maybe I am supposed to close port 22 and knockd will open port 22 when I knck with the right sequnce?? Can any one shine some light on this for me?

Thanks!

unSpawn · 11-03-2012, 09:31 AM

Quote:

Originally Posted by amboxer21

do i need to uninstall the openssh-server package an rely on knockd?

No, if you remove the SSH daemon then there's no service to connect to.

Quote:

Originally Posted by amboxer21

Maybe I am supposed to close port 22 and knockd will open port 22 when I knck with the right sequnce?

Yes. The idea is to block all new connections to the port (either by default filter table INPUT chain policy or specific drop rule) and have the knock daemon add an accept rule on successful knock sequence (check with 'iptables -t filter -nL INPUT'). If this is a remote machine then best add an explicit rule for the IP address or range you connect from while testing to ensure you don't lock yourself out.