@wcarhart
Last active January 13, 2021 19:06
Setup and use port knocking
#!/bin/bash
# test port knocking using nmap
# -Pn skips host discovery and --max-retries 0 sends each knock once; the host
# timeout needs a unit, since nmap reads a bare "201" as seconds, not milliseconds
for port in 7151 10888 8899 ; do nmap -Pn --host-timeout 201ms --max-retries 0 -p "$port" ipaddress ; done && ssh root@ipaddress
# test port knocking using knock (the client shipped with the knockd package)
sudo apt-get update
sudo apt-get install knockd
knock ipaddress 7151 10888 8899 && ssh root@ipaddress

#!/bin/bash
# works on Ubuntu
# for CentOS, etc., use a different package manager to install dependencies, but the idea is the same
# set up firewall
# order matters: run this from a console or from an existing SSH session (it survives
# thanks to the ESTABLISHED rule); new SSH logins are blocked until knockd is configured below
sudo iptables -A INPUT -i lo -j ACCEPT # accept localhost
sudo iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT # accept established connections
sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT # accept HTTP requests
sudo iptables -A INPUT -j DROP # drop everything else
sudo iptables -S # review the resulting rules
# persist firewall rules (the installer offers to save the current rules;
# after later changes run: sudo netfilter-persistent save)
sudo apt-get update
sudo apt-get install iptables-persistent
sudo service netfilter-persistent start
# set up knocking
sudo apt-get install knockd
# "sudo cat <<EOF > /etc/knockd.conf" fails with permission denied: the redirect runs as the
# unprivileged user, not under sudo, so write the file through tee instead.
# the quoted delimiter stops the shell from expanding anything inside the config.
# knockd listens on eth0 by default; if the interface is named differently (e.g. ens3),
# add "Interface = <name>" under [options]
sudo tee /etc/knockd.conf > /dev/null <<'EOF'
[options]
UseSyslog
[SSH]
sequence = 7151,10888,8899
seq_timeout = 5
command = /sbin/iptables -I INPUT 1 -s %IP% -p tcp --dport 22 -j ACCEPT
tcpflags = syn
cmd_timeout = 5
stop_command = /sbin/iptables -D INPUT -s %IP% -p tcp --dport 22 -j ACCEPT
EOF
# enable the service in its defaults file ("sudo echo ... > file" has the same redirect
# problem as above, so edit the shipped START_KNOCKD=0 line in place)
sudo sed -i 's/^START_KNOCKD=0/START_KNOCKD=1/' /etc/default/knockd
sudo service knockd start
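As an added example (not part of the gist), a defender-side check of the syslog output that the UseSyslog setting above produces: it summarises, per source IP, completed sequences, doors closed again by stop_command, and sequences that were started but never completed. The log message wording and host name are assumed, and the sample lines are constructed.

```shell
#!/bin/bash
# Added example (not from the gist): audit knockd's syslog output.
# With UseSyslog set, knockd logs each knock stage, a completed sequence
# ("OPEN SESAME") and every command it runs. Per source IP this reports
# opened doors, doors closed by stop_command (the -D rule), and sequences
# started but never completed, which is what knock guessing looks like here.
# Message formats are assumed from knockd's log output; adjust the patterns
# if your knockd version words them differently.

# Constructed sample log lines (not captured from a real host).
SAMPLE_LOG='Jan 13 19:00:01 host knockd: 203.0.113.5: SSH: Stage 1
Jan 13 19:00:01 host knockd: 203.0.113.5: SSH: Stage 2
Jan 13 19:00:02 host knockd: 203.0.113.5: SSH: Stage 3
Jan 13 19:00:02 host knockd: 203.0.113.5: SSH: OPEN SESAME
Jan 13 19:00:02 host knockd: 203.0.113.5: SSH: running command: /sbin/iptables -I INPUT 1 -s 203.0.113.5 -p tcp --dport 22 -j ACCEPT
Jan 13 19:00:07 host knockd: 203.0.113.5: SSH: command timeout
Jan 13 19:00:07 host knockd: 203.0.113.5: SSH: running command: /sbin/iptables -D INPUT -s 203.0.113.5 -p tcp --dport 22 -j ACCEPT
Jan 13 19:05:30 host knockd: 198.51.100.9: SSH: Stage 1
Jan 13 19:05:31 host knockd: 198.51.100.9: SSH: Stage 1
Jan 13 19:05:33 host knockd: 198.51.100.9: SSH: Stage 2'

# Usage: audit_knockd_log [file]   (reads stdin when no file is given)
# Output: one sorted line per IP: "<ip> opened=N closed=N partial=N"
audit_knockd_log() {
  awk '
    /knockd: / {
      # the field after "knockd:" is the source IP with a trailing colon
      ip = ""
      for (i = 1; i <= NF; i++) if ($i == "knockd:") { ip = $(i + 1); sub(/:$/, "", ip); break }
      if (ip == "") next
      seen[ip] = 1
      if ($0 ~ /OPEN SESAME/)             { opened[ip]++; next }
      if ($0 ~ /running command: .* -D /) { closed[ip]++; next }
      if ($0 ~ /Stage 1$/)                { started[ip]++ }
    }
    END {
      for (ip in seen)
        printf "%s opened=%d closed=%d partial=%d\n", ip, opened[ip] + 0, closed[ip] + 0, started[ip] - opened[ip]
    }' "${1:--}" | sort
}

# Stand-alone run over the constructed sample.
printf '%s\n' "$SAMPLE_LOG" | audit_knockd_log
```

On a live host, feed it the real log (e.g. `grep knockd /var/log/syslog | audit_knockd_log`); an IP with opened greater than closed means a door is still open, and a high partial count is worth a closer look.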