You can't detect when SSH has been established from anywhere other than
your endpoint, because of encryption. What you can detect is that someone
tried to connect, which is not exactly what you want.
Port knocking will not help you either; it also can't detect a connection. It
can detect that someone tried to access some port(s), but not the result.
What you can do is add a script to your login script (e.g. .profile) that
is called whenever you connect and does some bash magic to detect your IP and
insert a rule to open the port for your IP. Remember to have a .bash_logout
or something similar to close the door on your exit.
May I suggest you alter your line of thinking and use FWKNOP
(http://www.cipherdyne.org/fwknop/)? With it you can send a packet to open
the port for you and specify a timeout, after which fwknop will close it
again, all automatically. It can open multiple ports, run a script,
accept direct commands, etc. That way you can send a packet (called SPA,
Single Packet Authorization) which is encrypted and can't be replayed like
normal port knocking, and fwknop would open SSH and port 234 only for your
IP, whatever your IP is at that moment, with no need for dyndns either.
Flavio Machado
Brazil
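The login/logout hook described in the reply above, as an added example that is not code from the thread or from Shorewall: it reads the client address from the SSH_CONNECTION variable that OpenSSH exports, validates it strictly before it goes anywhere near a firewall command, and builds the insert/delete rule for port 234. It assumes the rule is added with plain iptables via sudo (a hypothetical setup; Shorewall's own rule set is rebuilt on restart, so a rule inserted this way does not survive a `shorewall restart`). The default FW_APPLY=0 only prints the command; set FW_APPLY=1 in your real ~/.profile.

```shell
#!/bin/sh
# Added example, not code from the thread: a login hook that opens TCP port 234
# for the SSH client's own address, and a logout hook that closes it again.
# Assumptions: OpenSSH exports SSH_CONNECTION="client_ip client_port server_ip server_port";
# the firewall is manipulated with plain iptables via sudo (hypothetical setup, not
# Shorewall configuration). Source this from ~/.profile with FW_APPLY=1 and call
# on_logout from ~/.bash_logout.

PORT=234                  # the extra port asked about in the thread
FW_APPLY=${FW_APPLY:-0}   # 0 = only print the iptables command (safe default), 1 = run it

# The first field of SSH_CONNECTION is the client's address.
ssh_client_ip() {
    set -- $1
    printf '%s\n' "${1:-}"
}

# Strict IPv4 check: only dotted quads with octets 0-255 pass. Anything else,
# including shell metacharacters, is rejected before it reaches a firewall command.
is_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    set -- $(printf '%s' "$1" | tr . ' ')
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Build the iptables command; $1 is -I (insert) or -D (delete), $2 the client IP.
fw_rule() {
    printf 'iptables %s INPUT -s %s -p tcp --dport %s -j ACCEPT\n' "$1" "$2" "$PORT"
}

# Derive the rule from an SSH_CONNECTION value; fails if the address is unusable.
rule_for_connection() {
    ip=$(ssh_client_ip "$2")
    is_ipv4 "$ip" || return 1
    fw_rule "$1" "$ip"
}

# Print or execute a rule depending on FW_APPLY. $1 is intentionally unquoted
# so the command string is split into its words; it was built from validated parts.
run_rule() {
    if [ "$FW_APPLY" = 1 ]; then
        sudo $1
    else
        printf 'dry-run: %s\n' "$1"
    fi
}

on_login()  { rule=$(rule_for_connection -I "${SSH_CONNECTION:-}") && run_rule "$rule"; }
on_logout() { rule=$(rule_for_connection -D "${SSH_CONNECTION:-}") && run_rule "$rule"; }

# When sourced from .profile over SSH, open the port for this client.
if [ -n "${SSH_CONNECTION:-}" ]; then
    on_login
fi
```

Two practical limits of this approach, both of which the fwknop suggestion in the reply avoids: .bash_logout only runs on a clean logout, so a dropped connection leaves port 234 open for that address until something else removes the rule, and nothing here expires the rule on its own. If you keep the hook approach, pair it with a cron job that deletes stale ACCEPT rules for port 234.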
Selvam Matthys <[email protected]> wrote on 19 Jun 2010, 02:21 PM:
Subject: [Shorewall-users] open ports after established
Hi,
What I want to accomplish is this: I want to connect with my laptop to my
server's SSH port 22. This rule is easy and is working very well. But when
my laptop has an established connection with SSH, I want port 234 to open
on my server.
So when I'm NOT connected on my SSH, TCP port 234 is closed. When I log in
to my SSH port I want TCP port 234 to open (only to me if possible).
I looked for this but the only thing I can find is with port knocking.
Then I was thinking to use dyndns so I can use a normal rule to accept 234
to my laptop's dynamic IP, but how do I use mylaptop.dyndns.org in my rules?
Sincerely,
Selvam Matthys
------------------------------------------------------------------------------
ThinkGeek and WIRED's GeekDad team up for the Ultimate
GeekDad Father's Day Giveaway. ONE MASSIVE PRIZE to the
lucky parental unit. See the prize list and enter to win:
http://p.sf.net/sfu/thinkgeek-promo
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users