Re: patch to add built-in support for port knocking (OpenSSH Development forums, Networking and Network Related category)
On Sat, Jul 15, 2006 at 11:00:02AM -0400, Ryan Findley wrote:
> A friend gave me access to an svn(+ssh) repository the other day, and
> told me that I needed to do some port knocking to open up ssh. It
> occurred to me that it would be extremely convenient if I could add a
> "knock" configuration option for the host to my ~/.ssh/config file
> and never think about this again (rather than creating a shell script
> to accomplish this behavior, and remembering to use it for remote
> access and svn activity).

You can do it from ~/.ssh/config already with a ProxyCommand. Make yourself a little shell script that does the portknocking then execs connect or netcat, like so:

    #!/bin/sh
    # $1 = host (%h), $2 = port (%p)
    your_portknock_command "$1" && exec /usr/bin/nc "$1" "$2"

Then, add it to ~/.ssh/config:

    Host svnserver.example.com
    ProxyCommand /usr/local/bin/portknock_connect %h %p

> After some pretty small changes to ssh.c and readconf.c, my dream is
> now a reality.
> Might I be able to convince the good people of OpenSSH to consider
> adding my changes to CVS?

It's unlikely.

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
http://lists.mindrot.org/mailman/lis...enssh-unix-dev
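A fuller version of the wrapper described in the reply above, as an added example (not part of the original message or of OpenSSH). `KNOCK_CMD` and `CONNECT_CMD` are assumed, overridable names, and `your_portknock_command` is still the placeholder from the message. The script validates the `%h`/`%p` values, sends the knock client's output to stderr because the ProxyCommand's stdout is the SSH transport itself, and connects only if the knock succeeded.

```shell
#!/bin/sh
# portknock_connect HOST PORT: knock, then hand the connection to netcat.
# KNOCK_CMD and CONNECT_CMD are assumptions: point them at your real
# knock client and netcat binary.
KNOCK_CMD=${KNOCK_CMD:-your_portknock_command}
CONNECT_CMD=${CONNECT_CMD:-/usr/bin/nc}

# Accept only hostname/IP-literal characters and no leading "-", so the
# value can never be parsed as an option by the commands below.
valid_host() {
    case $1 in
        ''|-*|*[!A-Za-z0-9.:_-]*) return 1 ;;
    esac
    return 0
}

# Accept only a decimal TCP port in 1..65535 (no leading zero).
valid_port() {
    case $1 in
        ''|*[!0-9]*|0*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -le 65535 ]
}

# Knock first; connect only if the knock command reported success.
portknock_connect() {
    valid_host "$1" || { echo "portknock_connect: bad host" >&2; return 64; }
    valid_port "$2" || { echo "portknock_connect: bad port" >&2; return 64; }
    # Knock output goes to stderr: anything on stdout would be read by ssh
    # as part of the SSH protocol stream.
    "$KNOCK_CMD" "$1" >&2 </dev/null || {
        echo "portknock_connect: knock failed" >&2; return 1; }
    exec "$CONNECT_CMD" "$1" "$2"
}

# ssh runs this as: ProxyCommand /usr/local/bin/portknock_connect %h %p
if [ "$#" -eq 2 ]; then
    portknock_connect "$@"
fi
```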