Port knocking

Port knocking is a simple concept. It is like inviting friends over and telling them: when you arrive, ring the bell twice short and then once long, so that I can recognize you and open the door; any other ringing is a false alarm.

From here we have two methods: the first works directly with iptables, the second uses the knockd package (simpler, and the one I recommend). I'll go through both of them.

Knockd

Install & Configure Knockd

sudo apt install knockd

Then edit the file knockd.conf:

sudo nano /etc/knockd.conf

In our example, by "knocking" (sending a SYN packet) on ports 7777, 8888 and then 9999, the SSH port opens. The same mechanism is used to close it again.
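The screenshot of knockd.conf is not reproduced here, so below is an added example of what such a configuration looks like; it is written for this article and is not the author's own file. It assumes the interface is eth0, that the close sequence is the open sequence in reverse, and that a firewall rule dropping port 22 is already in place below the rule knockd inserts (that is why the pre-knock SSH attempt times out rather than being refused).

```ini
[options]
    # log knocks to syslog so you can see who opened the port
    UseSyslog
    # assumption: eth0 is the interface facing the clients
    interface = eth0

[openSSH]
    # knock 7777, 8888, 9999 within 5 seconds, using SYN packets only
    sequence    = 7777,8888,9999
    seq_timeout = 5
    tcpflags    = syn
    # -I inserts at the top of INPUT, so the rule lands before the DROP
    # that blocks port 22 by default; %IP% is replaced by the knocker's address
    command     = /sbin/iptables -I INPUT -s %IP% -p tcp --dport 22 -j ACCEPT

[closeSSH]
    # assumption: the reverse sequence closes the port for the same source IP
    sequence    = 9999,8888,7777
    seq_timeout = 5
    tcpflags    = syn
    command     = /sbin/iptables -D INPUT -s %IP% -p tcp --dport 22 -j ACCEPT
```

Two things worth checking after editing: the ACCEPT rule is scoped to the knocker's source address only, so a successful knock never opens port 22 to the whole internet, and the close command must delete exactly the rule the open command added, otherwise the port stays open after the client "closes" it.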

Next, we edit the file /etc/default/knockd:

sudo nano /etc/default/knockd

Look for the line "START_KNOCKD", uncomment it, then set its value to 1.

For the line "KNOCKD_OPTS", we set its value to the active interface on our machine. We can find the interface name with ifconfig or tcpdump -D.

We can now start, enable and check the status of knockd:

sudo systemctl start knockd && sudo systemctl enable knockd && sudo systemctl status knockd

Let's jump to our client machine and try to connect to the server via SSH. We get a connection timeout error!