opensshd and knockd ...

Support section for FREESCO v0.4.x 3rd Party Packages

Postby bob selby » Tue Sep 25, 2012 3:34 pm

I finally got fed up with the "script bunnies" trying to login to my ssh port ... (I cannot change the port from 22, sadly).

I found the 04x version of "knock" and have installed it but cannot see an obvious way to set "opensshd"'s port to "secure".

Can someone please give me a guide here please :-)

Regards
Bob

Postby Lightning » Tue Sep 25, 2012 10:58 pm

I am assuming that you have the OpenSSH package installed rather than using the built-in SSH server, Dropbear. For Dropbear it is just a matter of enabling the server in "s" mode. However, OpenSSH has a firewall rule in the /pkg/rc/rc_opensshd script that is enabled by default, so you would have to have disabled it manually in the script or by using the built-in disable-firewall configuration in the "setup". Knowing which way you disabled it would help in explaining how to enable it again. If you used the setup to disable it, then when the firewall starts it will show that the firewall is disabled for that package.
If you are afraid that you might make a mistake. The chances are high that you will never learn anything.

Postby bob selby » Wed Sep 26, 2012 2:09 am

I don't recall disabling the firewall rule ...

However, the line ---

case $1 in
    $fire) # ipfwadm -I -a $Pd -P tcp -W $INET -D 0/0 $Port $LOG
    ;;
    $setu) edithlp

--- was commented out.

Removing the "# " means that the package is now running and the port now appears "stealthed" :-)

I am running v "opensshd_3.7.1p1_dingetje"

I am assuming the rule above is correct for what I need.

Next step - testing "knock" :-)

Thanks
Bob

Postby Lightning » Wed Sep 26, 2012 9:03 pm

bob selby wrote:
I am assuming the rule above is correct for what I need.

Yes

bob selby wrote:
Next step - testing "knock"

Be aware that I have had some issues when mixing tcp and udp packet types when using knock. So start testing with just plain port numbers without the tcp or udp flags.
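To make the sequence matching concrete, here is an added example written for this page (it is not knockd's or FREESCO's code) of the per-source state machine a knock daemon keeps: each source address is walked through the configured (port, protocol) hits in order, a hit on the wrong port or protocol resets that address, and the whole sequence has to finish inside a timeout. The sequence notation follows the `port[:proto]` form knockd.conf accepts; the packets are constructed tuples and the addresses are documentation ranges, so it runs offline with no raw sockets. The second scenario also shows one way a mixed tcp/udp sequence can appear to fail: a client that sends every knock as TCP never completes a sequence that has a UDP step.

```python
"""Port-knock sequence matcher (added example; not knockd's or FREESCO's code).

Packets are fed in as (timestamp, source, port, protocol) tuples constructed
for the example; a real daemon would take them from a packet capture.
"""

MAX_SEQUENCE = 32  # the sequence-length limit mentioned in the thread


def parse_sequence(spec, default_proto="tcp"):
    """Parse 'port[:proto],...' (knockd.conf's sequence notation) into tuples."""
    seq = []
    for item in spec.split(","):
        item = item.strip()
        port, _, proto = item.partition(":")
        proto = (proto or default_proto).lower()
        if proto not in ("tcp", "udp"):
            raise ValueError("unknown protocol %r in %r" % (proto, item))
        port = int(port)
        if not 1 <= port <= 65535:
            raise ValueError("bad port in %r" % item)
        seq.append((port, proto))
    if not 1 <= len(seq) <= MAX_SEQUENCE:
        raise ValueError("sequence must have 1..%d knocks" % MAX_SEQUENCE)
    return seq


class KnockMatcher:
    def __init__(self, sequence, seq_timeout):
        self.sequence = sequence
        self.seq_timeout = seq_timeout
        self._progress = {}  # source -> (index of next expected knock, time of first hit)

    def hit(self, ts, src, port, proto):
        """Feed one packet header. Return True when src has completed the sequence."""
        idx, started = self._progress.get(src, (0, ts))
        if idx > 0 and ts - started > self.seq_timeout:
            idx, started = 0, ts  # too slow: the partial sequence is discarded
        if (port, proto) != self.sequence[idx]:
            # Wrong knock. It may still be a valid first knock; otherwise forget src.
            if (port, proto) == self.sequence[0]:
                self._progress[src] = (1, ts)
            else:
                self._progress.pop(src, None)
            return False
        if idx == 0:
            started = ts  # the timeout window starts at the first correct knock
        idx += 1
        if idx == len(self.sequence):
            self._progress.pop(src, None)
            return True  # caller would now open the firewall for src
        self._progress[src] = (idx, started)
        return False


def run_scenarios():
    """Three constructed packet streams against the sequence 7000/tcp, 8000/udp, 9000/tcp."""
    m = KnockMatcher(parse_sequence("7000,8000:udp,9000"), seq_timeout=5.0)
    # 1. a correct knock: right ports, right protocols, in order, within the timeout
    good = [(0.0, "203.0.113.5", 7000, "tcp"),
            (0.5, "203.0.113.5", 8000, "udp"),
            (1.0, "203.0.113.5", 9000, "tcp")]
    # 2. a client that can only send tcp: right ports, wrong protocol on step two
    tcp_only = [(2.0, "198.51.100.7", 7000, "tcp"),
                (2.5, "198.51.100.7", 8000, "tcp"),
                (3.0, "198.51.100.7", 9000, "tcp")]
    # 3. correct knocks, but the last one arrives after the 5 second window
    slow = [(10.0, "192.0.2.9", 7000, "tcp"),
            (10.5, "192.0.2.9", 8000, "udp"),
            (20.0, "192.0.2.9", 9000, "tcp")]
    return {
        "good": [m.hit(*p) for p in good],
        "tcp_only": [m.hit(*p) for p in tcp_only],
        "slow": [m.hit(*p) for p in slow],
    }


if __name__ == "__main__":
    for name, result in run_scenarios().items():
        print(name, "opened" if result[-1] else "rejected", result)
```

Only the "good" stream ends in True; the TCP-only client is reset at the UDP step and the slow client is reset by the timeout, which is the behaviour to confirm first with plain port numbers before adding per-step protocols or flags.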

Postby bob selby » Thu Sep 27, 2012 4:34 am

Thanks for that :-)

Lightning wrote:
Next step - testing "knock"
Be aware that I have had some issues when mixing tcp and udp packet types when using knock. So start testing with just plain port numbers without the tcp or udp flags.


Is that an issue for just "knockd" or the windoze client, or both??

Best regards
Bob

Postby Lightning » Thu Sep 27, 2012 8:34 pm

bob selby wrote:
Is that an issue for just "knockd" or the windoze client, or both??

Looking at the source code, it does explain that the knock client included in the package is extremely basic, and if you want or need to send more complicated packets with different flags set on each packet, like "fin, syn, rst, psh, ack, or urg", then you should use another client such as "hping, sendip, or packit". So I think the main issue is that the client is not complex enough to do all of the things the server is capable of doing. However, be aware that you can send up to a 32-port sequence, and it does not matter if the port is closed or not because knock runs at the link-layer level. For my own purposes I have never had anyone get into a knock-protected system. Of course, I am also doubtful anyone has really tried, as there really isn't anything of value to be found on anything that I own unless they are after open source software. :wink:

What I am finding VERY effective is blocking the people who are trying to hack the system. The emailblock package has almost entirely stopped anyone trying to force their way into my email, as it blocks people from the entire system after their third (configured) failed login attempt for a few (configured) hours. I have also just created an FTP option that will be released in 0.4.5 that does the same thing. So brute force login attempts will be eliminated, and I am working on the source code so that hopefully I will be able to do the same thing for the SSH server Dropbear. Regardless, I can say that I was getting about thirty log files a day and now I am getting one a week after the implementation.

This same type of system might be able to be adapted for OpenSSH, but I have not looked into it to know one way or another.
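The lockout rule Lightning describes for emailblock (block a source after its third failed login, for a configured number of hours, then let it back in) can be exercised offline against log lines. What follows is an added example written for this page, not emailblock's or FREESCO's code. The log lines, their epoch-prefixed sshd-style format and the addresses are all constructed for the example; a real version would parse the daemon's own syslog format and hand the blocked addresses to the firewall.

```python
"""Failed-login lockout over log lines (added example; not emailblock's or FREESCO's code).

Rule modelled: after max_failures failed logins from one source address within
`window` seconds, block that address for block_seconds, then expire the block.
"""
import re
from collections import defaultdict, deque

# Constructed format: "<epoch> sshd[pid]: <sshd-style message>"
FAILED_RE = re.compile(
    r"^(?P<ts>\d+) sshd(?:\[\d+\])?: Failed password for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\d{1,3}(?:\.\d{1,3}){3})"
)


class LoginBlocker:
    def __init__(self, max_failures=3, window=600, block_seconds=4 * 3600):
        self.max_failures = max_failures
        self.window = window
        self.block_seconds = block_seconds
        self._failures = defaultdict(deque)  # ip -> timestamps of recent failures
        self._blocked_until = {}             # ip -> epoch at which the block expires

    def is_blocked(self, ts, ip):
        until = self._blocked_until.get(ip)
        if until is None:
            return False
        if ts >= until:
            del self._blocked_until[ip]  # block has expired; source is allowed again
            return False
        return True

    def record_failure(self, ts, ip):
        """Record one failed login. Return True if this failure triggers a new block."""
        if self.is_blocked(ts, ip):
            return False  # already blocked; the firewall should be dropping it
        q = self._failures[ip]
        q.append(ts)
        while q and ts - q[0] > self.window:
            q.popleft()  # sliding window: forget failures older than `window`
        if len(q) >= self.max_failures:
            self._blocked_until[ip] = ts + self.block_seconds
            q.clear()  # counting starts fresh once the block expires
            return True
        return False


def process_log(lines, blocker):
    """Feed log lines through the blocker; return the (ts, ip) pairs newly blocked."""
    newly = []
    for line in lines:
        m = FAILED_RE.match(line)
        if not m:
            continue  # successful logins and unrelated lines do not count
        ts, ip = int(m.group("ts")), m.group("ip")
        if blocker.record_failure(ts, ip):
            newly.append((ts, ip))
    return newly


# Constructed sample log: one source fails three times inside the window, a second
# source spreads three failures over more than the window and is not blocked.
SAMPLE_LOG = [
    "1000 sshd[4242]: Failed password for root from 198.51.100.7 port 40001 ssh2",
    "1010 sshd[4243]: Failed password for invalid user admin from 198.51.100.7 port 40002 ssh2",
    "1020 sshd[4244]: Accepted publickey for bob from 192.0.2.10 port 50000 ssh2",
    "1030 sshd[4245]: Failed password for root from 198.51.100.7 port 40003 ssh2",
    "1040 sshd[4246]: Failed password for root from 198.51.100.7 port 40004 ssh2",
    "2000 sshd[4300]: Failed password for root from 203.0.113.9 port 51000 ssh2",
    "2500 sshd[4301]: Failed password for root from 203.0.113.9 port 51001 ssh2",
    "3000 sshd[4302]: Failed password for root from 203.0.113.9 port 51002 ssh2",
]


def demo():
    """Run the sample log through a 3-failures-in-10-minutes, block-4-hours policy."""
    blocker = LoginBlocker(max_failures=3, window=600, block_seconds=4 * 3600)
    blocked = process_log(SAMPLE_LOG, blocker)
    return blocker, blocked


if __name__ == "__main__":
    blocker, blocked = demo()
    for ts, ip in blocked:
        print("blocked %s at %d until %d" % (ip, ts, ts + blocker.block_seconds))
```

With these settings 198.51.100.7 is blocked on its third failure at t=1030 and stays blocked until t=15430; the fourth failure at t=1040 is ignored because the source is already blocked; 203.0.113.9 never reaches three failures inside any 600 second window, so it is left alone. The window matters: without it, a source that fails once a day would eventually be blocked too.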

Postby bob selby » Tue Oct 02, 2012 3:28 am

Thanks - that all works a treat :-)
Bob
