Port knocking via SSH tunnels

Posted by j0ker on Super User See other posts from Super User or by j0ker
Published on 2012-06-09T09:35:20Z Indexed on 2012/06/09 10:42 UTC
Read the original article Hit count: 261

Filed under:
|
|

I have a server running in my university's internal network. There is only one SSH daemon running which is secured by port knocking with knockd. Works fine if I try to connect from within the internal network.

But since the server has no external IP, I have to tunnel into the internal network every time I want to access the server from outside. And since tunneling only works for a single port I cannot do the port knocking as easily as from an internal client. In fact, I don't get it to work at all.

What I'm trying is opening tunnels for all the different ports that have to be knocked. Then I send TCP-SYN packets into the tunnels. But that doesn't work even for a single port. If I establish the tunnel on the first port in the knock sequence and send a packet through it, it doesn't reach the server. There is no entry in the log file of knockd, while there should be something like 123.45.67.89: openSSH: Stage 1 (as shown with internal knocks).

So I guess, the problem doesn't exist within my knocking script but is a more general one. Are there any known problems with what I'm trying to do? Is it even possible or am I missing something?

Thanks in advance!

© Super User or respective owner

Related posts about networking

Related posts about port