Facebook Twitter Instagram
    TecAdmin
    • Home
    • FeedBack
    • Submit Article
    • About Us
    Facebook Twitter Instagram
    TecAdmin
    You are at:Home»Security»How to Secure SSH Connections with Port Knocking on Linux CentOS

    How to Secure SSH Connections with Port Knocking on Linux CentOS

    By jason.sotoApril 10, 20143 Mins Read

    Port Knocking is a technique used to secure connections or port access from unwanted users. Using this technique we maintain one or more previously configured ports closed and these will only be opened using a sequence of requests to a number of ports that wepreviouslyset .

    Advertisement

    To give an example , if we configure port Knocking access to port 50, this port will only be open when we make requests to the ports 1000,2500,3000 in that order , doing so, once we complete the sequence correctly the firewall will open the port that was previously closed.With this we add another level of security to certain types of connections to our server.

    The client can perform the port knocking using Nmap, Telnet, or a tool for these purposes.

    Let’s secure SSH connections using this method on a server running Linux CentOS . Follow the below steps as root.

    Install Prerequisites

    Install the libpcap library packages as requirment of Knock-server

    # yum install libpcap*
    

    Install Knock Server Package

    Download and install knock-server rpm package

    # wget http://li.nux.ro/download/nux/misc/el6/i386/knock-server-0.5-7.el6.nux.i686.rpm
    # rpm -ivh knock-server-0.5-7.el6.nux.i686.rpm
    

    Before setting up the Knockd daemon, we must create an iptable rule the drops all connections to the SSH port , in this case we ‘ll use the default (22).

    # iptables -A INPUT -p tcp --dport 22 -j DROP
    # service iptables save
    

    [NOTE: Do not use below command it you are connected with SSH to server, It will drop your current connection]

    OK ,we can now configure our knockd daemon so that out SSH port opens after a correct port knocking Sequence. Edit knockd configuration file add following values

    # vi /etc/knockd.conf
    
    [options]
            logfile = /var/log/knockd.log
    
    [openSSH]
            sequence = 5040,6010,6500
            seq_timeout = 30
            tcpflags = syn
            Start_command = /sbin/iptables -I INPUT -s %IP% -p tcp --dport 22 -j ACCEPT
    
    [closeSSH]
            sequence = 4040,5050,8080
            seq_timeout = 30
            command = /sbin/iptables -D INPUT -s %IP% -p tcp --dport 22 -j ACCEPT
            tcpflags = syn
    
    

    Save the file and Quit (:wq!)

    Finally start the Knockd service

    # service knockd  start
    

    How to Use Port Port Knowcking

    Here to open the SSH port we will knock ports 5040,6010,6500 and when the sequence is completed correctly it will run a command that will add a rule in the firewall to allow the connection to our Linux Server via port 22 . We have another directive to close the port,Knocking ports 4040,5050,8080 it will run a command that will remove the Firewall rule that allowed us to do the connection via SSH.

    To Knock the ports you can use the tool Nmap or Telnet as follow. For this example we use nmap.

    To Open the SSH connection

    # nmap -p 5040 SERVER-IP
    # nmap -p 6010 SERVER-IP
    # nmap –p 6500 SERVER-IP
    

    To close the connection

    # nmap -p 4040 SERVER-IP
    # nmap -p 5050 SERVER-IP
    # nmap -p 8080 SERVER-IP
    

    If we see the Knockd log we will have something like this

    # tail /var/log/knockd.log
    
    [2014-04-10 05:20] 192.168.1.184: openSSH: Stage 1
    [2014-04-10 05:21] 192.168.1.184: openSSH: Stage 2
    [2014-04-10 05:21] 192.168.1.184: openSSH: Stage 3
    [2014-04-10 05:21] 192.168.1.184: openSSH: OPEN SESAME
    [2014-04-10 05:21] openSSH: running command: /sbin/iptables -I INPUT -s 192.168.1.184 -p tcp --dport 22 -j ACCEPT
    

    I’m going to show a little more graphical .

    openssh-port-knocking-1

    openssh-port-knocking-2

    This is a brief representation of the process including authentication with RSA keys.

    Here we have our remote connections with a good level of security and combine with RSA authentication we hardened the connection even more. We can use this method to secure any type of connections to our Linux Server. To read more about visit http://www.zeroflux.org/projects/knock

    knock-server knock-ssh knowcking port security SSH
    Share. Facebook Twitter Pinterest LinkedIn Tumblr Email WhatsApp

    Related Posts

    How To Display Warning Message to Unauthorized SSH Access

    How to Set a Custom SSH Login Banner and MOTD

    How to Install and Secure OpenSSH Server on Pop!_OS

    View 2 Comments

    2 Comments

    1. saeed on February 26, 2016 12:38 pm

      hi, i did as you said, but that doesn’t work.
      but i deleted the iptable rule, and did the steps again and add the ip rule at the end, and that worked , thanks :)))

      Reply
    2. Nerd Uno on July 5, 2014 12:02 pm

      Don’t forget to configure your server to start knockd when it boots:

      chkconfig –level 2345 knockd on

      Reply

    Leave A Reply Cancel Reply

    Advertisement
    Recent Posts
    • How to Install PHP 8.2-7.4 on RHEL & CentOS Stream 9
    • How to Install MySQL 8.0 on RHEL & CentOS Stream 9
    • How to Split Large Archives in Linux using the Command Line
    • System.out.println() Method in Java: A Beginner’s Guide
    • Split Command in Linux With Examples (Split Large Files)
    Facebook Twitter Instagram Pinterest
    © 2023 Tecadmin.net. All Rights Reserved | Terms  | Privacy Policy

    Type above and press Enter to search. Press Esc to cancel.