
#1 2010-12-31 21:31:55

dyscoria
Member
Registered: 2008-01-10
Posts: 1,007

knock-once: script to create/send one-time sequences for knockd

This little script makes using one-time sequences with Judd Vinet's knockd really quite easy :) Happy New Year!

Link to AUR page.
Link to sourceforge page.

Usage:

EXAMPLES
       Generate sequences:
       knock-once --generate --output-file ~/.knock-once/myserver_sequences

       Send first uncommented knock sequence from ~/.knock-once/myserver_sequences:
       knock-once ~/.knock-once/myserver_sequences myserver.example.com

       Send and comment out sequence after usage:
       knock-once --comment-sequence ~/.knock-once/myserver_sequences myserver.example.com

knock-once man page:

NAME
       knock-once - port-knock client helper utility

SYNOPSIS
       knock-once [options] file server

       knock-once -g [options]

DESCRIPTION
       knock-once  is  a  script  to automate the generation and sending of
       one-time knock sequences to servers running knockd, the port-knock
       server written by Judd Vinet. knock-once can generate a list of random
       sequences using either /dev/random or /dev/urandom. The script then
       sends knocks from this list using the port-knock client, knock, that
       comes with the knockd package. Sequences from the list can be
       automatically commented out after usage.

OPERATIONS
       -g, --generate
           Generate a list of random port-knock sequences in the format
           recognized by knockd.

       -h, --help
           Output syntax and command-line options.

       -s, --send <file> <server>
           Send  the  first  uncommented port-knock sequence from the
           specified file to the specified server. This is the default operation
           and only file and server need to be passed as command-line
           arguments.

       -v, --version
           Display the version.

GENERATE OPTIONS
       -l, --sequence-length <length>
           Specify the number of packets in each sequence. Any positive
           integer may be specified. The default is 3.

       -m, --min-port <port>
           Specify the lowest port number to use in the generated
           sequences. The default is 1024.

       -M, --max-port <port>
           Specify the highest port number to use in the generated
           sequences. The default is 65536.

       -n, --total-number <number>
           Specify the total number of sequences to generate. The default
           is 100.

       -o, --output-file <file>
           Specify the file path to write sequences into. Existing files will
           not be overwritten so a new file path must be specified. The
           default is ./knock-once_sequences.

       -r, --true-random
           Use /dev/random as the random number generator. The
           default is /dev/urandom.

       -t, --tcp-only
           Use only the TCP protocol in generated sequences. The default
           uses both TCP and UDP.

       -u, --udp-only
           Use only the UDP protocol in generated sequences. The default
           uses both TCP and UDP.

SEND OPTIONS
       -c, --comment-sequence
           Comment out the sequence with a hash sign (#) after usage.
           The user must therefore have write access to the file specified.

       -d, --delay <delay>
           Specify the delay in seconds to sleep between each knock.
           This prevents packets from arriving in the wrong order. Increase
           the delay if problems occur. See sleep(1) for further details on
           the arguments allowed. The default is 1.

EXAMPLES
       Generate sequences:
       knock-once --generate --output-file ~/.knock-once/myserver_sequences

       Send first uncommented knock sequence from ~/.knock-once/myserver_sequences:
       knock-once ~/.knock-once/myserver_sequences myserver.example.com

       Send and comment out sequence after usage:
       knock-once --comment-sequence ~/.knock-once/myserver_sequences myserver.example.com

BUGS
       If there are any bugs, send an email with as much detail as possible to dyscoria@gmail.com

AUTHOR
       Jamie Nguyen <dyscoria@gmail.com>

SEE ALSO
       knock(1), knockd(1), random(4)

       See https://sourceforge.net/projects/knockonce/ for current information.

Last edited by dyscoria (2011-01-03 16:17:53)


flack 2.0.6: menu-driven BASH script to easily tag FLAC files (AUR)
knock-once 1.2: BASH script to easily create/send one-time sequences for knockd (forum/AUR)
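The man page above describes four steps: draw random ports from /dev/urandom (or /dev/random), write them in the format knockd reads from its One_Time_Sequences file, send the first uncommented line with knock(1) with a delay between knocks, and comment that line out afterwards. The POSIX shell script below is an added example written for this thread, not the knock-once script itself or any code from its author; it reproduces those steps so the file format and the bookkeeping are visible. The server name and file path in the trailing comment are placeholders, and knock(1) from the knockd package is only needed by send_sequence. One detail worth noting for a defender: ports are drawn with rejection sampling rather than a plain modulo, so the generated sequences are not skewed toward the low end of the port range.

```shell
#!/bin/sh
# Added example, not the knock-once script itself: reproduce its core steps
# (random sequences -> knockd one-time-sequence file -> send first unused one
# -> comment it out). knock(1) is only needed by send_sequence.

RAND_DEV="${RAND_DEV:-/dev/urandom}"   # set to /dev/random for the -r behaviour

# rand_below N: uniform integer in [0, N) for N <= 65536. Two random bytes are
# reduced modulo N only when they fall below the largest multiple of N, so the
# result is unbiased (rejection sampling) rather than skewed toward low ports.
rand_below() {
    n="$1"
    limit=$(( (65536 / n) * n ))
    while :; do
        r=$(od -An -N2 -tu2 "$RAND_DEV" | tr -d ' ')
        if [ "$r" -lt "$limit" ]; then
            echo $(( r % n ))
            return 0
        fi
    done
}

# gen_sequence LENGTH MIN MAX PROTO: one line in knockd's sequence format,
# e.g. 31415:tcp,9265:udp,35897:tcp. PROTO is tcp, udp or both.
gen_sequence() {
    len="$1"; min="$2"; max="$3"; proto="$4"
    span=$(( max - min + 1 ))
    line=""; i=0
    while [ "$i" -lt "$len" ]; do
        port=$(( min + $(rand_below "$span") ))
        p="$proto"
        if [ "$p" = both ]; then
            if [ "$(rand_below 2)" -eq 0 ]; then p=tcp; else p=udp; fi
        fi
        line="${line}${line:+,}${port}:${p}"
        i=$(( i + 1 ))
    done
    echo "$line"
}

# gen_file FILE COUNT LENGTH MIN MAX PROTO: write COUNT sequences to FILE,
# refusing to overwrite an existing file (the same rule as knock-once -o).
gen_file() {
    file="$1"; count="$2"
    if [ -e "$file" ]; then
        echo "gen_file: $file exists, not overwriting" >&2
        return 1
    fi
    k=0
    while [ "$k" -lt "$count" ]; do
        gen_sequence "$3" "$4" "$5" "$6"
        k=$(( k + 1 ))
    done > "$file"
}

# next_sequence FILE: print the first uncommented line; fail if none is left.
next_sequence() {
    next=$(grep -v '^#' "$1" | head -n 1)
    [ -n "$next" ] && echo "$next"
}

# comment_sequence FILE SEQ: prefix the first exact match of SEQ with '#',
# which is also how knockd itself marks used entries in its
# One_Time_Sequences file.
comment_sequence() {
    tmp="$1.tmp.$$"
    awk -v s="$2" 'hit == 0 && $0 == s { print "#" $0; hit = 1; next } { print }' \
        "$1" > "$tmp" && mv "$tmp" "$1"
}

# send_sequence SEQ SERVER [DELAY]: knock each port in order with knock(1),
# sleeping DELAY seconds between knocks so they are not reordered in transit.
send_sequence() {
    server="$2"; delay="${3:-1}"; first=1
    for hop in $(echo "$1" | tr ',' ' '); do
        [ "$first" -eq 0 ] && sleep "$delay"
        first=0
        knock "$server" "$hop"        # knock(1) accepts port:proto arguments
    done
}

# Typical round trip (server name and path are placeholders):
# gen_file ~/.knock-once/myserver_sequences 100 3 1024 65535 both
# s=$(next_sequence ~/.knock-once/myserver_sequences)
# send_sequence "$s" myserver.example.com 1
# comment_sequence ~/.knock-once/myserver_sequences "$s"
```

Because comment_sequence rewrites the whole file through a temporary copy, the user needs write access to the directory as well as the file, which is the same requirement the -c option above implies. Sending is deliberately kept separate from commenting out, so a sequence is only burned once the knocks have actually gone out.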


#2 2011-01-01 11:00:52

dyscoria
Member
Registered: 2008-01-10
Posts: 1,007

Re: knock-once: script to create/send one-time sequences for knockd

Updated to 1.1 to fix handling of some command line options.




#3 2013-03-26 23:28:45

ilikenwf
Member
Registered: 2008-06-23
Posts: 42

Re: knock-once: script to create/send one-time sequences for knockd

So, this will just work its way down the list each time? I'm not sure if this would work with multiple machines that ssh in....hrm.

I wonder if it'd be possible to build a similar tool that mimics two factor RSA keys, so that if you have whatever random seed on a machine and a correct clock within +/- a reasonable window of time, you can generate the current ports that need to be knocked? You'd just need a cron script to run every X minutes to change the port sequence.
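The time-based idea in the post above can be sketched with nothing more than a shared secret and an HMAC, much as TOTP does it. The POSIX shell script below is an added example written for this thread, not part of knock-once or anything its author published; it assumes openssl(1) is available for the HMAC, and the secret used in the comments is a constructed value. Client and server both run derive_sequence on the same secret and the same window counter, so the server's cron job only has to rewrite the `sequence =` line of its knockd stanza each window and reload knockd, and no sequence file has to be shipped around or kept in sync across several machines that ssh in.

```shell
#!/bin/sh
# Added example, not part of knock-once: a time-windowed knock sequence in the
# spirit of TOTP. Client and server share SECRET; each derives the sequence for
# the current window from HMAC-SHA256(SECRET, window counter), so no sequence
# file has to be kept in sync. Requires openssl(1) for the HMAC.

STEP="${STEP:-300}"   # window length in seconds (the "every X minutes" cron interval)

# current_counter [STEP]: number of whole windows since the Unix epoch.
current_counter() {
    echo $(( $(date +%s) / ${1:-$STEP} ))
}

# derive_sequence SECRET COUNTER [LEN] [MIN] [MAX]: knockd-format sequence for
# one window. LEN is at most 8: each knock uses one 16-bit word from the first
# half of the 32-byte digest for its port and one hex digit from the second
# half for its protocol, so ports and protocols come from independent bits.
derive_sequence() {
    secret="$1"; counter="$2"; len="${3:-3}"; min="${4:-1024}"; max="${5:-65535}"
    span=$(( max - min + 1 ))
    # hex digest only; sed strips the "(stdin)= " prefix openssl prints
    mac=$(printf '%s' "$counter" | openssl dgst -sha256 -hmac "$secret" | sed 's/^.*= *//')
    line=""; i=0
    while [ "$i" -lt "$len" ]; do
        word=$(printf '%s' "$mac" | cut -c "$(( i * 4 + 1 ))-$(( i * 4 + 4 ))")
        # plain modulo reduction: for a 64512-port span the first 1024 ports are
        # twice as likely (65536 mod 64512 = 1024), a bias that is acceptable
        # for choosing ports even though it would not be for deriving a key
        port=$(( min + 0x$word % span ))
        nib=$(printf '%s' "$mac" | cut -c "$(( 33 + i ))")
        if [ $(( 0x$nib & 1 )) -eq 0 ]; then proto=tcp; else proto=udp; fi
        line="${line}${line:+,}${port}:${proto}"
        i=$(( i + 1 ))
    done
    echo "$line"
}

# knockd_sequence_line SECRET [COUNTER]: the "sequence = ..." line a cron job on
# the server would write into its knockd stanza for the current window before
# reloading knockd; the client runs derive_sequence with the same inputs and
# hands the result to knock(1).
knockd_sequence_line() {
    echo "    sequence = $(derive_sequence "$1" "${2:-$(current_counter)}")"
}

# Example (constructed secret, fixed counter so both sides can be compared):
# derive_sequence "constructed-shared-secret" 5825000
# knockd_sequence_line "constructed-shared-secret" 5825000
```

Clock skew is handled the same way TOTP handles it: the server keeps a second stanza for the previous window's sequence so a client whose clock is a little behind still gets in, and anything older is simply no longer configured. Unlike a one-time list, a window's sequence is valid for the whole window, so a replay within that window still works; the knockd stanza should therefore keep the usual short seq_timeout and open the firewall only for the knocking address.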

