I'm trying to implement a port knocking script. I have set up my `iptables` rules to listen for a specific sequence of 3 ports via UDP, and have a script that does the following:
```bash
#!/bin/bash
# Knock 1
echo -n "Knock" | nc -q1 -u <remote-host> <knock-port-1>
# Knock 2
echo -n "Knock" | nc -q1 -u <remote-host> <knock-port-2>
# Knock 3
echo -n "Knock" | nc -q1 -u <remote-host> <knock-port-3>
# Establish ssh connection
ssh -p <ssh-port> -i <private-ssh-key> <user>@<remote-host>
```
I am executing that script on a different machine from <remote-host>. However, the first knock command hangs. I can see the UDP packet come through on a `tcpdump` on <remote-host>, but the second knock never executes because the first command is hanging.
This could have something to do with my `iptables` rules DROP-ing the connections to those ports... This is my first time using `nc`, so it could be a lack of understanding on my part, there, too. My goal *would* be to have the packets dropped, so someone doesn't know they are successfully pinging <remote-host>. It would just be figuring out how to get `nc` to not hang; that's the issue.
Last edited by hoWlExat (2019-12-02 06:45:01)
I built a tool (alternative to my attempts at using `nc`, above) that people can feel free to use for port knocking.
It includes descriptions of how to set up your SSH server, router and client.
It also includes a single script to execute when everything is set up that both does the port-knocking and initiates the SSH connection.
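An added example, not part of the original posts or the poster's tool: one way to send the knocks from the first post without waiting on the dropped ports, using bash's `/dev/udp` redirection in place of `nc`. The function names, the `KNOCK_DELAY` variable and the ports in the usage comment are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example: fire-and-forget UDP knocks, then SSH.
# Needs bash built with network redirections (/dev/udp/HOST/PORT).
# Usage (constructed values): ./knock.sh host 22 user ~/.ssh/id_ed25519 7000 8000 9000

# Return 0 if $1 is a decimal port in 1..65535 (no sign, no leading zero).
valid_port() {
    case "$1" in
        ''|0*|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -le 65535 ]
}

# Return 0 only if at least one port is given and all of them are valid.
valid_sequence() {
    [ "$#" -ge 1 ] || return 1
    for p in "$@"; do
        valid_port "$p" || return 1
    done
}

# Send one UDP datagram to host $1, port $2. The redirection opens the
# socket and closes it when printf exits; nothing here waits for a reply,
# so a DROP rule on the server side does not stall the script.
send_knock() {
    printf 'Knock' > "/dev/udp/$1/$2"
}

# knock_and_connect HOST SSH_PORT USER KEY KNOCK_PORT...
# Returns 2 on bad arguments before any packet is sent.
knock_and_connect() {
    [ "$#" -ge 5 ] || { echo "usage: host ssh-port user key port..." >&2; return 2; }
    host=$1 ssh_port=$2 user=$3 key=$4
    shift 4
    if ! valid_port "$ssh_port" || ! valid_sequence "$@"; then
        echo "invalid port in arguments" >&2
        return 2
    fi
    for p in "$@"; do
        send_knock "$host" "$p" || return 1
        sleep "${KNOCK_DELAY:-0.3}"   # short gap so knocks arrive in order
    done
    ssh -p "$ssh_port" -i "$key" "$user@$host"
}

# Only act when arguments are supplied, so the file can also be sourced.
if [ "$#" -gt 0 ]; then knock_and_connect "$@"; fi
```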