Tutorial Series

How To Implement Port Knocking to Obscure your SSH Daemon

Default avatar
By Justin Ellingwood
Developer and author at DigitalOcean.
How To Implement Port Knocking to Obscure your SSH Daemon

Introduction

Port knocking is a security concept that involves dynamically altering firewall rules to expose access to an otherwise protected service. This is done by sending a pre-configured special packet, or a pattern of packets that the port knocking software is listening for. In this series, we will discuss a variety of ways to configure port knocking to add an extra layer of security around your SSH daemon.

Summary View
detailed View

Series Tutorials

Tutorial

Single Packet Authentication is a method that grew out of earlier port knocking as a way of keeping services shielded until you request access through a predefined sequence of events. Single packet authentication does this by sending a single encrypted packet to the server in order, which can then validate the client and open the requested port. In this article, we will discuss how to use the fwknop suite to implement single packet authentication on an Ubuntu 12.04 VPS.

Tutorial

Port knocking is a method of protecting your services behind a firewall until connection attempts are made to a specific sequence of ports in a certain amount of time. The firewall rules are then modified to allow access to the service and the user can connect as normal. In this article, we will discuss how to implement port knocking to add an extra layer of protection to your SSH daemon in order to dissuade attackers.

Tutorial

Port knocking is a method of hiding services behind a firewall until a specific sequence of network activity occurs. After detecting this, the firewall is dynamically reconfigured to expose the requested service for the client who completed the specific sequence of activity. In this article, we will discuss how to implement a port knocking mechanism on an Ubuntu VPS using only the tools available within the iptables package.

Check out all our Tutorial Series

Try DigitalOcean for free

Click below to sign up and get $200 of credit to try our products over 60 days!

Sign up

Featured on Community

Get our biweekly newsletter

Sign up for Infrastructure as a Newsletter.

Hollie's Hub for Good

Working on improving health and education, reducing inequality, and spurring economic growth? We'd like to help.

Become a contributor

Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.

Welcome to the developer cloud

DigitalOcean makes it simple to launch in the cloud and scale up as you grow — whether you're running one virtual machine or ten thousand.

Learn more