
By Abhishek Ghosh January 11, 2015 6:49 pm Updated on January 11, 2015

Port knocking in Ubuntu : Hide SSH Daemon on HP Cloud

Port knocking is used to defeat the port scans with which attackers look for vulnerable services. This guide shows HP Helion Public Cloud users how to set up port knocking in Ubuntu 14.04 LTS or an equivalent Debian-based distribution. HP Helion Public Cloud uses private-key (.pem) based login to its instances, and on HP Cloud the router, subnet and ingress/egress policies must also be configured correctly before you can SSH to an instance at all. Some theory comes first; it is worth understanding before we hide the SSH daemon on an HP Cloud instance running the latest Ubuntu LTS partner image.
Note the title: port knocking in Ubuntu, not port knocking on Ubuntu. The distinction is deliberate.

Use a development server, not a production server; otherwise take a snapshot before proceeding, and keep a console session to the instance open so that a firewall mistake cannot lock you out.

 

Port Knocking in Ubuntu : Basic Theory About Port Knocking and IPTables

 

Port knocking is a mechanism for keeping externally reachable ports (the ones we opened with ingress and egress policies on the External Network, Ext Net) closed until a client sends a predetermined sequence of connection attempts. Once the firewall sees the correct sequence, its rules are modified to allow the host that sent it to connect to a specific port. The main purpose is to frustrate the port scan with which an attacker looks for vulnerable services, the usual first step of larger attacks; we have discussed man-in-the-middle attacks and advanced persistent threats as well as small-scale attacks before. Port knocking does not generally lower the security of a Unix system; it is an additional layer for minimal overhead. It is not authentication, though: the knock sequence travels in cleartext, so anyone who can observe the traffic can replay it (knockd's one_time_sequences option counters this by consuming each sequence after use), and the knocking daemon itself is extra code listening on the network that can introduce problems of its own. Single Packet Authorization (SPA) is the related, stronger approach in which a single, cryptographically authenticated packet serves as the knock.


There are two ways to detect the sequence of connection attempts: a service that reviews the firewall log, or a process that examines the packets directly through a packet capture interface. knockd, used below, is of the second kind: it sniffs the interface with libpcap and never needs the firewall to log anything.

On Linux this is fully customizable and not restricted to opening and closing ports. Normally a knock sequence is tied to an action, such as running a shell command; only when the port knocking daemon detects the sequence is the associated command executed, and that command can add rules to the firewall to open a port. Different sequences on the same machine can trigger different actions.

Keep in mind that Ubuntu ships AppArmor rather than SELinux by default, and that source IP addresses can be spoofed (a knock is just a series of SYN packets), so use port knocking for a definite purpose as one layer among others, not as a replacement for key-based SSH authentication. We use Ubuntu for the example because it is probably the most common server distribution.

This is how port knocking works in theory:

  1. The client cannot connect to an application that is listening on port n.
  2. The client attempts to connect to a predefined set of ports in sequence, sending specific packets. The client has prior knowledge of the port knocking service and its configuration, but receives no response during this phase because the firewall rules do not allow one.
  3. The port knocking service sniffs the connection attempts and checks whether they form a valid knock. The server then performs the configured task, such as opening another port for that client only.
  4. The client connects to the newly opened port n.

When port 22 is closed, we can still log in to the instance through the console that the HP Cloud dashboard provides (it talks to the OpenStack API behind the scenes). Make sure that route works before you start; otherwise you will not be able to log in during configuration or after it is in place. Ask HP Cloud Help over chat if you have trouble logging in via the dashboard terminal; we do not discuss the details here for security reasons.

 

A truly secure server is one without an internet connection, or one behind our own router, and even that may not be secure enough. Port numbers run from 1 to 65535 (0 is reserved), and each port has to be considered twice, once for ingress and once for egress, because the cloud security policies treat the two directions separately. In essence, when a request arrives the firewall knows its source address and destination port, say port 22, and applies the rules defined by YOU to decide what to do with it. So the firewall is the important piece. knockd is also packaged as RPM for RPM-based distributions if you need it.

 

Port knocking in Ubuntu : Steps To Hide SSH Daemon on HP Cloud

 

First install the software (as root, or with sudo):

apt-get install knockd

knockd is installed disabled: /etc/default/knockd ships with START_KNOCKD=0, so nothing listens until you change it.

This will be known as Step 1 for reference.

Next we run this command:

iptables -P INPUT DROP

It sets the default policy of the INPUT chain to DROP: any incoming packet that matches none of the rules in the chain is discarded, whatever the protocol. Run it only while a console session is open, or after a RELATED,ESTABLISHED rule is in place, or your own SSH session can be cut off. If we then run sudo iptables -L, we get output like this:

Chain INPUT (policy DROP)
target     prot opt source               destination        
ACCEPT     all  --  anywhere             anywhere            ctstate RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ssh
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:http

Note the ACCEPT rule for tcp dpt:ssh in this example output: as long as it is present, anyone can still reach port 22 and the knock is meaningless. Remove it with the matching iptables -D INPUT rule (from the console, as root), leaving the RELATED,ESTABLISHED rule that keeps existing sessions alive.

This will be known as Step 2 for reference.

There are two important files:

/etc/knockd.conf (the configuration file: sequences and the commands they trigger)

and the one that decides whether the daemon runs at all:

/etc/default/knockd (the daemon defaults file)

The second one is what actually starts knockd. If the files are not at those locations, run locate knockd or whereis knockd. If you open /etc/knockd.conf with nano, the shipped default looks like this:

[options]
        UseSyslog
[openSSH]
        sequence    = 7000,8000,9000
        seq_timeout = 5
        command     = /sbin/iptables -A INPUT -s %IP% -p tcp --dport 22 -j ACCEPT
        tcpflags    = syn
[closeSSH]
        sequence    = 9000,8000,7000
        seq_timeout = 5
        command     = /sbin/iptables -D INPUT -s %IP% -p tcp --dport 22 -j ACCEPT
        tcpflags    = syn

Under [options] there is one directive, UseSyslog, which tells knockd to log through syslog; on Ubuntu those lines end up in /var/log/syslog (there is no /var/log/messages by default). If you would rather log to a file of your own choosing, use this directive instead:

LogFile = /path/to/log/file

You should configure the file like this :

[options]
        UseSyslog
[openSSH]
        sequence    = 3333,4444,5555
        seq_timeout = 5
        cmd_timeout = 10
        command     = /sbin/iptables -A INPUT -s %IP% -p tcp --dport 22 -j ACCEPT
        tcpflags    = syn
[closeSSH]
        sequence    = 5000,4000,3000
        seq_timeout = 5
        command     = /sbin/iptables -D INPUT -s %IP% -p tcp --dport 22 -j ACCEPT
        tcpflags    = syn

This is no substitute for the man page: read knockd(1) to understand what each directive means. Two points matter here. First, cmd_timeout is the delay between start_command and stop_command; with a plain command directive, as above, it has no effect, so if you want the port to close itself automatically, use start_command, cmd_timeout and stop_command in one section instead of a separate [closeSSH] section. Second, the command uses iptables -A, which appends the ACCEPT rule at the end of the INPUT chain; that is correct with the DROP policy from Step 2, but if your INPUT chain ends with an explicit DROP rule, the appended rule is never reached and you must use -I INPUT instead.
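To make the theory above concrete, here is an added example (not code from the original article or from the knockd project) that parses the configuration just shown and replays a constructed packet trace through a small model of knockd's sequence detector. It shows what the daemon actually tracks per source: which knock it is waiting for, when the seq_timeout window opened, and that a wrong port or a late packet throws the attempt away, which is why a sequential port scan never completes a knock. The packet trace, the IP addresses and the one-word tcpflags comparison are assumptions of this model, not observed data.

```python
import re
from dataclasses import dataclass, field

# Constructed copy of the [openSSH]/[closeSSH] configuration used in this guide.
KNOCKD_CONF = """
[options]
        UseSyslog
[openSSH]
        sequence    = 3333,4444,5555
        seq_timeout = 5
        command     = /sbin/iptables -A INPUT -s %IP% -p tcp --dport 22 -j ACCEPT
        tcpflags    = syn
[closeSSH]
        sequence    = 5000,4000,3000
        seq_timeout = 5
        command     = /sbin/iptables -D INPUT -s %IP% -p tcp --dport 22 -j ACCEPT
        tcpflags    = syn
"""

def parse_knockd_conf(text):
    """Parse the INI-style knockd.conf into {section: {directive: value}};
    bare directives such as UseSyslog get the value True."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        header = re.match(r"^\[(\w+)\]$", line)
        if header:
            current = header.group(1)
            sections[current] = {}
            continue
        key, sep, value = line.partition("=")
        sections[current][key.strip()] = value.strip() if sep else True
    return sections

@dataclass
class KnockSequence:
    """One knock definition plus per-source progress: a model of knockd's state
    machine, not knockd's code. Assumed simplifications: tcpflags is compared as
    one word, and seq_timeout is measured from the first knock of an attempt."""
    ports: list
    seq_timeout: float
    command: str
    flags: str
    progress: dict = field(default_factory=dict)  # src -> (knocks matched, first-knock time)

    @classmethod
    def from_section(cls, sec):
        return cls([int(p) for p in sec["sequence"].split(",")],
                   float(sec.get("seq_timeout", 5)), sec["command"], sec.get("tcpflags", "syn"))

    def feed(self, ts, src, dport, flags):
        """Advance this source's state; return the command if the sequence completes."""
        if flags != self.flags:
            return None                  # only packets with the configured flags count
        matched, started = self.progress.get(src, (0, ts))
        if matched and ts - started > self.seq_timeout:
            matched = 0                  # window expired: this packet is a fresh start
        if dport == self.ports[matched]:
            if matched == 0:
                started = ts             # first knock opens the seq_timeout window
            matched += 1
        elif dport == self.ports[0]:
            matched, started = 1, ts     # wrong port, but it is a valid first knock
        else:
            matched = 0                  # any other port resets the attempt; scans die here
        if matched == len(self.ports):
            self.progress.pop(src, None)
            return self.command.replace("%IP%", src)
        self.progress[src] = (matched, started)
        return None

def replay(conf_text, trace):
    """Feed (time, src, dport, flags) packets to every knock; return fired commands in order."""
    sections = parse_knockd_conf(conf_text)
    knocks = [KnockSequence.from_section(s) for n, s in sections.items() if n != "options"]
    return [cmd for packet in trace for knock in knocks if (cmd := knock.feed(*packet))]

# Constructed sample trace, not a real capture.
TRACE = [
    (0.0, "203.0.113.7", 3333, "syn"),
    (1.0, "203.0.113.7", 4444, "syn"),
    (2.0, "203.0.113.7", 5555, "syn"),    # correct knock: opens port 22 for 203.0.113.7
    (3.0, "198.51.100.9", 3333, "syn"),
    (5.0, "192.0.2.99", 3333, "syn"),     # scanner walking ports in order...
    (5.1, "192.0.2.99", 3334, "syn"),     # ...the wrong port resets its attempt
    (5.2, "192.0.2.99", 4444, "syn"),
    (5.3, "192.0.2.99", 5555, "syn"),
    (9.0, "198.51.100.9", 4444, "syn"),   # 6 s after its first knock: window expired
    (10.0, "198.51.100.9", 5555, "syn"),
    (12.0, "203.0.113.7", 5000, "syn"),
    (12.5, "203.0.113.7", 4000, "syn"),
    (13.0, "203.0.113.7", 3000, "syn"),   # close sequence: removes the rule again
    (14.0, "192.0.2.5", 3333, "ack"),     # tcpflags = syn, so this packet is ignored
    (14.5, "192.0.2.5", 4444, "syn"),
    (15.0, "192.0.2.5", 5555, "syn"),
]
```

Running replay(KNOCKD_CONF, TRACE) yields exactly two commands, the -A and the -D for 203.0.113.7; the slow knocker, the scanner and the host that sent an ACK instead of a SYN open nothing. The model also shows why knockd's one_time_sequences exists: the detector keys only on ports and timing, so a replayed copy of the 203.0.113.7 knock from another source would succeed just the same.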

Test with your own sequence later: over 50K people may read this guide and know the one above. Now edit the daemon defaults file:

nano /etc/default/knockd
## file should look like this
START_KNOCKD=1
# cli options: the interface knockd sniffs on; check its name with ip link or ifconfig
KNOCKD_OPTS="-i eth0"

We can restart knockd by running:

sudo service knockd restart
# start and stop work like any other service
/etc/init.d/knockd start
service knockd start

From the local computer, for this guide, we SSH in this way (your_key.pem stands for the HP Cloud private key file you already use to log in):

knock server_ip_address 3333 4444 5555 && ssh -i your_key.pem ubuntu@server_ip_address

The sequence typed on the command line is recorded in the shell history (~/.bash_history), so either keep the knock in a script outside the history or rely on HISTCONTROL=ignorespace and prefix the command with a space.

Now try a normal ssh login without the knock:

ssh -i your_key.pem ubuntu@server_ip_address

You will get:
ssh: connect to host server_ip_address port 22: Operation timed out

That is the intended result. sshd is still running on the instance, but without the knock the firewall drops the SYN, so from outside it looks as if no SSH daemon exists at all.
You can read on official website too – http://www.zeroflux.org/projects/knock

If my MacBook Pro is stolen, the NSA cannot log in, because the sequence is in my mind and not written on that same MacBook Pro. Passwords and sequences are, to some extent, better forgotten than written down somewhere, exactly as with a password.

The above is a very basic iptables setup for beginners. A stricter variant, which keeps the ingress and egress policies in mind, uses an explicit rule set ending in a DROP rule instead of a DROP policy:

sudo iptables -A INPUT -i lo -j ACCEPT
# keep replies to our own connections and the current SSH session alive
sudo iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT
# terminal rule: anything not accepted above is dropped; note that knockd's
# "-A INPUT ... -j ACCEPT" would be appended AFTER this rule and never reached,
# so with this rule set the command in /etc/knockd.conf must use -I INPUT
sudo iptables -A INPUT -j DROP
sudo iptables -S

This replaces what we called Step 2 for reference:

iptables -P INPUT DROP

The ordering consequence matters: with -A INPUT -j DROP as the last rule, the knockd command from the configuration above (/sbin/iptables -A INPUT ...) appends the per-IP ACCEPT rule after the DROP rule, where it is never evaluated, so SSH stays closed even after a correct knock. With this rule set, change the command in /etc/knockd.conf to -I INPUT, which inserts the rule at the top; with the DROP-policy method of Step 2, -A is fine because there is no terminal DROP rule. Your current session normally survives thanks to the ESTABLISHED,RELATED rule; if you do lock yourself out, log in via the HP Cloud console. To keep the rules across reboots, install iptables-persistent and run these:

# answer Yes when asked to save the current IPv4 rules; they are written to /etc/iptables/rules.v4
apt-get install iptables-persistent
service iptables-persistent start

Step 1 (installing knockd) and the knockd configuration stay the same. Single Packet Authorization can also be done; that will be a separate tutorial.
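The rule-ordering point above is easy to get wrong and hard to see on a live box, so here is an added example (not from the article, not iptables itself) that models first-match evaluation of the INPUT chain for the two rule sets on this page and applies the knockd command to each. Only the matches used on this page (-i, -s, -p tcp, --dport, --ctstate) and the INPUT chain are modelled; the IP addresses, the eth0 interface name and the idea that a fresh SSH connection is conntrack state NEW are assumptions of the example.

```python
import shlex

# iptables options used on this page, mapped to the packet field they test.
FLAG_KEYS = {"-i": "iface", "-s": "src", "-p": "proto", "--dport": "dport",
             "--ctstate": "ctstate", "-j": "target"}

def parse_rule(tokens):
    """Tokens after the chain name -> dict of match criteria plus 'target'."""
    rule, i = {}, 0
    while i < len(tokens):
        if tokens[i] == "-m":        # '-m conntrack' only loads the match; --ctstate carries the test
            i += 2
            continue
        rule[FLAG_KEYS[tokens[i]]] = tokens[i + 1]
        i += 2
    return rule

def matches(rule, pkt):
    """Every criterion in the rule must hold for the packet (AND semantics)."""
    for key, want in rule.items():
        if key == "target":
            continue
        if key == "ctstate":
            if pkt.get("ctstate") not in want.split(","):
                return False
        elif pkt.get(key) != want:
            return False
    return True

class InputChain:
    """A model of the filter table's INPUT chain: an ordered rule list plus a policy."""
    def __init__(self):
        self.policy, self.rules = "ACCEPT", []

    def apply(self, cmdline):
        """Apply an 'iptables -P/-A/-I/-D INPUT ...' command line to the model."""
        toks = shlex.split(cmdline)
        while not toks[0].startswith("-"):
            toks.pop(0)              # drop 'sudo' and the iptables path
        op, chain, rest = toks[0], toks[1], toks[2:]
        if chain != "INPUT":
            raise ValueError("only the INPUT chain is modelled")
        if op == "-P":
            self.policy = rest[0]
            return
        pos = 1
        if op == "-I" and rest and rest[0].isdigit():
            pos, rest = int(rest[0]), rest[1:]
        rule = parse_rule(rest)
        if op == "-A":
            self.rules.append(rule)          # append: lands after any terminal DROP
        elif op == "-I":
            self.rules.insert(pos - 1, rule)  # insert: evaluated before the rest
        elif op == "-D":
            self.rules.remove(rule)
        else:
            raise ValueError("unsupported operation " + op)

    def verdict(self, pkt):
        """Walk the chain top to bottom; the first match wins, else the policy."""
        for rule in self.rules:
            if matches(rule, pkt):
                return rule["target"]
        return self.policy

KNOCKED_IP = "203.0.113.7"       # stands in for the %IP% knockd substitutes
STRANGER_IP = "198.51.100.9"

def ssh_syn(src):
    """A fresh SSH connection attempt as conntrack classifies it: state NEW."""
    return {"iface": "eth0", "src": src, "proto": "tcp", "dport": "22", "ctstate": "NEW"}

def policy_drop_chain():
    """Step 2 on this page: DROP policy, no terminal DROP rule."""
    chain = InputChain()
    chain.apply("iptables -P INPUT DROP")
    chain.apply("iptables -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT")
    chain.apply("iptables -A INPUT -p tcp --dport 80 -j ACCEPT")
    return chain

def trailing_drop_chain():
    """The stricter rule set on this page: ACCEPT policy, explicit DROP as the last rule."""
    chain = InputChain()
    for cmd in ("sudo iptables -A INPUT -i lo -j ACCEPT",
                "sudo iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT",
                "sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT",
                "sudo iptables -A INPUT -j DROP"):
        chain.apply(cmd)
    return chain

APPEND_CMD = "/sbin/iptables -A INPUT -s %IP% -p tcp --dport 22 -j ACCEPT"  # command from knockd.conf
INSERT_CMD = "/sbin/iptables -I INPUT -s %IP% -p tcp --dport 22 -j ACCEPT"  # corrected for a trailing DROP

def verdict_after_knock(build_chain, knock_cmd, src=KNOCKED_IP):
    """Verdict for src's SSH SYN once knockd has run knock_cmd for KNOCKED_IP."""
    chain = build_chain()
    chain.apply(knock_cmd.replace("%IP%", KNOCKED_IP))
    return chain.verdict(ssh_syn(src))
```

With the DROP-policy chain, verdict_after_knock(policy_drop_chain, APPEND_CMD) is ACCEPT; with the trailing-DROP chain the same -A command yields DROP, and only INSERT_CMD opens port 22, and then only for KNOCKED_IP. Before any knock, and for STRANGER_IP after one, both chains drop the SYN, which is the behaviour the timed-out ssh attempt above demonstrates.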

About This Article

Cite this article as: Abhishek Ghosh, "Port knocking in Ubuntu : Hide SSH Daemon on HP Cloud," in The Customize Windows, January 11, 2015, February 8, 2023, https://thecustomizewindows.com/2015/01/port-knocking-ubuntu-hide-ssh-daemon-hp-cloud/.