Tutorial Series

How To Implement Port Knocking to Obscure your SSH Daemon

Default avatar
By Justin Ellingwood
Developer and author at DigitalOcean.
How To Implement Port Knocking to Obscure your SSH Daemon

Introduction

Port knocking is a security concept that involves dynamically altering firewall rules to expose access to an otherwise protected service. This is done by sending a pre-configured special packet, or a pattern of packets that the port knocking software is listening for. In this series, we will discuss a variety of ways to configure port knocking to add an extra layer of security around your SSH daemon.

Summary View
detailed View

Series Tutorials

Tutorial

Single Packet Authentication is a method that grew out of earlier port knocking as a way of keeping services shielded until you request access through a predefined sequence of events. Single packet authentication does this by sending a single encrypted packet to the server in order, which can then validate the client and open the requested port. In this article, we will discuss how to use the fwknop suite to implement single packet authentication on an Ubuntu 12.04 VPS.

Tutorial

Port knocking is a method of protecting your services behind a firewall until connection attempts are made to a specific sequence of ports in a certain amount of time. The firewall rules are then modified to allow access to the service and the user can connect as normal. In this article, we will discuss how to implement port knocking to add an extra layer of protection to your SSH daemon in order to dissuade attackers.

Tutorial

Port knocking is a method of hiding services behind a firewall until a specific sequence of network activity occurs. After detecting this, the firewall is dynamically reconfigured to expose the requested service for the client who completed the specific sequence of activity. In this article, we will discuss how to implement a port knocking mechanism on an Ubuntu VPS using only the tools available within the iptables package.

Check out all our Tutorial Series

Try DigitalOcean for free

Click below to sign up and get $200 of credit to try our products over 60 days!

Sign up

Become a contributor for community

Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.

DigitalOcean Documentation

Full documentation for every DigitalOcean product.

Resources for startups and SMBs

The Wave has everything you need to know about building a business, from raising funding to marketing your product.

Get our newsletter

Stay up to date by signing up for DigitalOcean’s Infrastructure as a Newsletter.

New accounts only. By submitting your email you agree to our Privacy Policy

The developer cloud

Scale up as you grow — whether you're running one virtual machine or ten thousand.

Get started for free

Sign up and get $200 in credit for your first 60 days with DigitalOcean.*

*This promotional offer applies to new accounts only.