Rick DeNatale wrote:

I've been thinking about ways to keep ports like ssh closed to the
internet until I need them.

Port knocking seems to be a popular technique but I'm not sure that
that's what I want.  For one thing it won't work if the incoming
client is behind a firewall which blocks outgoing traffic on one or
more of the knock ports.

So I was thinking of something like a cgi on my webserver which I
could talk to via ssl. This could accept a passphrase and alter the
firewall rules to open up another port for the client's ip address,
perhaps for some time period, or whatever policy I wanted to apply.

Is anyone aware of anything which does this or something similar?

Another nice thing to support might be, under client request, instead
of opening up port 22 for sshd, redirect port 443 to 22 for that
client in order to let ssh tunnel through a firewall which allows
outgoing https but not ssh.

I've also thought of setting up a "fake" sshd, which would make
intruders "think" that they had gotten in, only to get a "MOTD" which
said something like:

Thank you for participating in the NSA's cyber-hacker registration program.
We have noted your information and entered it into our target database.
Retaliation will be performed at a random time, under the authority of
the US Patriot Act.
Have a great day!

and then they would be disconnected.

I think that this could be done with iptables and a small bit of programming.


I prefer to use /etc/hosts.allow and set it up so that IP addresses that I use on a regular basis are only allowed to connect via ssh. For the situation where I'm at an IP address that isn't in my /etc/hosts.allow, I log on to a friend's machine who is far more adventuresome than I and then ssh in from his box to my box only long enough to add the new IP address to my /etc/hosts.allow.

Someone on this list earlier suggested using your trilug ssh account for the same purpose which sounds good to me as well.

Jeff G.

--
Law of Procrastination:
Procrastination avoids boredom; one never has
the feeling that there is nothing important to do.
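Below is a sketch of the "open a port on request" service Rick describes, together with the hosts.allow line Jeff uses, as an added example that is not part of this thread (nobody posted code). It assumes the request arrives through a CGI behind TLS, that the web server supplies the peer address as REMOTE_ADDR, and that a privileged helper executes the argv lists it returns; the rule layout, the comment tag, the PBKDF2 parameters and the 600-second lifetime are my own choices, not anything from the list.

```python
"""
Grant one authenticated client address temporary access to sshd.

The iptables commands are built as argv lists and returned rather than run,
so the logic can be exercised without root; a deployment would hand each
list to subprocess.run(cmd, check=True) from a privileged helper.
"""
import hashlib
import hmac
import ipaddress

SSH_PORT = 22
HTTPS_PORT = 443
GRANT_SECONDS = 600          # assumed lifetime of a grant before it is revoked
RULE_TAG = "tmp-ssh-grant"   # assumed comment so our own rules can be found again


# --- passphrase handling --------------------------------------------------
def hash_passphrase(passphrase: str, salt: bytes, rounds: int = 200_000) -> bytes:
    """PBKDF2-SHA256 of the passphrase; store salt+hash, never the passphrase."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, rounds)


def passphrase_ok(candidate: str, salt: bytes, stored: bytes) -> bool:
    """Constant-time comparison so timing does not reveal how many bytes matched."""
    return hmac.compare_digest(hash_passphrase(candidate, salt), stored)


# --- address validation ---------------------------------------------------
def client_address(environ: dict) -> str:
    """Use the peer address the web server saw, never a user-supplied field.
    ipaddress raises ValueError on anything that is not a bare IPv4/IPv6 address,
    so nothing but an address can ever reach an iptables argument."""
    return str(ipaddress.ip_address(environ["REMOTE_ADDR"]))


# --- rule construction ----------------------------------------------------
def open_rule(ip: str, port: int = SSH_PORT, action: str = "-I") -> list:
    """INPUT rule accepting new TCP connections to `port` from `ip` only."""
    return ["iptables", action, "INPUT", "-s", ip, "-p", "tcp", "--dport", str(port),
            "-m", "conntrack", "--ctstate", "NEW",
            "-m", "comment", "--comment", RULE_TAG, "-j", "ACCEPT"]


def close_rule(ip: str, port: int = SSH_PORT) -> list:
    """Identical match with -D deletes exactly the rule open_rule() inserted."""
    return open_rule(ip, port, action="-D")


def redirect_rule(ip: str, action: str = "-A") -> list:
    """Rick's variant: for this one client, steer port 443 to sshd in nat/PREROUTING
    so ssh can be tunnelled through a firewall that only lets https out."""
    return ["iptables", "-t", "nat", action, "PREROUTING", "-s", ip, "-p", "tcp",
            "--dport", str(HTTPS_PORT), "-m", "comment", "--comment", RULE_TAG,
            "-j", "REDIRECT", "--to-ports", str(SSH_PORT)]


def hosts_allow_line(ip: str) -> str:
    """Jeff's approach: the TCP-wrappers line to append to /etc/hosts.allow."""
    return f"sshd: {ip}\n"


# --- grant lifecycle ------------------------------------------------------
def grant(grants: dict, ip: str, now: float, ttl: int = GRANT_SECONDS) -> list:
    """Record a grant and return the command to run.  A repeat request from an
    address that already holds a grant only extends the deadline (no duplicate rule)."""
    fresh = ip not in grants
    grants[ip] = now + ttl
    return open_rule(ip) if fresh else []


def expired(grants: dict, now: float) -> list:
    """Return the close command for every grant past its deadline and forget it;
    meant to be run from cron so a forgotten grant does not stay open."""
    cmds = []
    for ip in [ip for ip, deadline in grants.items() if deadline <= now]:
        cmds.append(close_rule(ip))
        del grants[ip]
    return cmds
```

Two points worth keeping in mind if you build this for real: the default policy on INPUT (or the REJECT at the end of the chain) still has to drop port 22 from everyone else, otherwise the grant rule changes nothing; and the grants dictionary has to live somewhere persistent (a small file the cron job reads) so that the revocation survives the CGI process exiting.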


--
TriLUG mailing list        : http://www.trilug.org/mailman/listinfo/trilug
TriLUG Organizational FAQ  : http://trilug.org/faq/
TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
TriLUG PGP Keyring         : http://trilug.org/~chrish/trilug.asc
