How to use port call waiting to secure an SSH service on Linux

featured image

 

Port call waiting is a great technique for controlling access to a port by allowing only legitimate users to access the service running on the server. It works in such a way that when the correct connection attempt sequence is established, the firewall will preferably open a closed port.

The logic of port knocking is to protect your Linux system from automatic port scanners barking at open ports. In this guide, we will look at how to set up port call waiting and how to configure it to secure your SSH service. For demonstration purposes we use Ubuntu 18.04.

Step 1: Install and configure knockd

To get started, log in to your Linux system and install knockd daemon as shown.

$ sudo apt install knockd

Once installed, open knockd.conf configuration with the desired text editor. Here we use the vim command line text editor.

$ sudo vim /etc/knockd.conf

The default configuration file is displayed as follows.

knockd configuration file
knockd configuration file

 

Below [openSSH] section, we need to change the default call waiting order – 7000,8000,9000 – to something else. This is because these values ​​are already known and can compromise system security.

For testing purposes, we have set the values ​​to 10005, 10006, 10007. This sequence is used to open the SSH port from the client system.

On the third line – from command, change -A that -I Right after it /sbin/iptables command and before INPUT.

And lastly, [closeSSH] section, change the default sequence to the desired selection. This sequence is used to close the SSH connection when the user is ready and logs out of the server.

Here is our complete lineup.

knockd configuration settings
knockd configuration settings

When you’re done, save your changes and exit.

Another lineup that we need to change is / etc / default / knockd. Open again with a text editor.

$ sudo vim /etc/default/knockd
Knockd default settings
Knockd default settings

Find the line START_KNOCKD=0. Comment on it and set it to 1.

Next, go on the line KNOCKD_OPTS=”-i eth1” Comment on it and replace the default eth1 value with the active network connection of the system. To check the network interface, simply run the ip addr or ifconfig command.

Our system, enp0s3 is the active network card.

Active network connection
Active network connection

The whole configuration is as shown.

knockd Specifications Values
knockd Specifications Values

Save changes and exit.

Start and then enable knockd daemon as shown.

$ sudo systemctl start knockd
$ sudo systemctl enable knockd

Check knockd daemon, run the command:

$ sudo systemctl status knockd
Check knockd status
Check knockd status

Step 2: Close the firewall SSH port 22

Because the goal is knockd The purpose of the service is to either grant or block access to the ssh service, we close the ssh port of the firewall. But first, check the status of the UFW firewall.

$ sudo ufw status numbered
Check UFW status
Check UFW status

We can see it clearly from the result SSH to the port 22 is open in both IPv4 and IPv6 protocols numbered 5 and 9 respectively.

These two rules must be removed as shown in the figure, starting with the largest value 9.

$ sudo ufw delete 9
$ sudo ufw delete 5
Delete UFW rules
Delete UFW rules

If you now try to log on to the remote server, you will receive a connection timeout error as shown in the picture.

SSH connection timeout
SSH connection timeout

Step 3: Configure the call waiting client to connect to the SSH server

In the final step, we configure the client and try to log in by first sending the call waiting order we specified to the server.

But first install knockd daemon just like on a server.

$ sudo apt install knockd

When the installation is complete, send the call waiting sequence using the visible syntax

$ knock -v server_ip knock_sequence

In our case, this means:

$ knock -v 192.168.2.105 10005 10006 10007

You should get a similar output as we have, depending on your order. This shows that the call attempts were successful.

Call waiting order
Call waiting order

At this point, you should be able to log in to the server using SSH.

Connect to the server using Knockd
Connect to the server using Knockd

After completing the job on the remote server, close the SSH port by sending an end call waiting sequence.

$ knock -v 192.168.2.105 10007 10006 10005

All attempts to log in to the server will fail, as shown.

Close the SSH ports
Close the SSH ports
Decision ideas

This summarizes this guide on how port utilization can be used to secure SSH service on your server. A better and easier way would be to set up SSH authentication for your password using SSH key pairs. This ensures that only a user with a private key can authenticate on the server where the public key is stored.

https://www.swxbt.com/how-to-use-port-call-waiting-to-secure-an-ssh-service-on-linux/

Comments

Post a Comment

Popular posts from this blog

Installing Config Server Firewall (CSF) on Debian / Ubuntu

Image
  Config Server Firewall ConfigServer and Security firewall , abbreviated CSF , is an open source and advanced firewall designed for Linux systems. Not only does it provide basic firewall functionality, but it also offers a wide range of advanced features such as logon / intrusion detection, exploit scans, death protection ping, and more. [ You might also like: 10 Useful Open Source Security Firewalls for Linux Systems ] In addition, it also provides interface integration with widely used control panels such as cPanel, Webmin, Vesta CP, CyberPanel and DirectAdmin. For a complete list of supported features and operating systems, visit ConfigServer’s official website . In this guide, we will guide you through the installation and configuration ConfigServer Security & Firewall ( CSF ) on Debian and Ubuntu . Step 1: Install CSF Firewall on Debian and Ubuntu First, you need to install some dependencies before you start the installation CSF party wall. Update the packag...
Read more

How to Spam Chat WA

Image
This WA chat spam method is actually quite easy to do. And as you know, WhatsApp is currently one of the most widely used applications by Android users today. And as you know, this application itself is also often used to prank friends or relatives in their spare time. As a chat application that is quite popular, indeed almost everyone has a WhatsApp account to communicate. People like to use WhatsApp because of its simple appearance so that it can be used by anyone. And also has many interesting features and supports its users to use it as needed. So how do you spam this WA chat? Here’s the review! How to Spam Chat WA How to Spam Chat WA on Android Although the features are quite complete, it’s a shame this application does not have a feature to bomb chat alias WA spam. Even though many users of this messaging application need it to support various activities. However, with the help of several applications downloaded from the Play Store, it can be used as a way to...
Read more

5 Ways to View Instagram Links

Image
  How to view Instagram links is actually quite easy to do. As you know, Instagram is a social media platform that is used to share videos or photos. Instagram is a social media platform that is used to share videos or photos via stories, feeds, real IG, or IGTV. How to view this Instagram link can be done very easily. The reason is because Instagram itself has provided a feature to view it. There is also a feature to copy the profile link from an existing post. Given the number of posts and users on Instagram. So it will not rule out the possibility that under certain conditions the user wishes to know or copy the post or profile link. But unfortunately there are still many people who don’t know how to find Instagram links. Though the steps taken will not take much time. So how to view these Instagram links? Here’s the review! How to View Instagram Links How to Use the Instagram App How to view Instagram links is actually quite easy to do. The Instagram applicatio...
Read more