too long, didn't read
Say we want SSH access to our remote web server but want to lock it down hard against attacks. We use fwknop to achieve this: sshd will be blocked by the firewall, and only SPA (Single Packet Authorization) can get through.
The most effective and easiest way to use fwknop is to have the client generate both an encryption key and an HMAC key, and then save them to the “$HOME/.fwknoprc” file along with access request specifics.
We run the client like so to generate encryption and HMAC keys:
fwknop -A tcp/22 --use-hmac -R -D 2.2.2.2 --key-gen --save-rc-stanza --verbose
[+] Wrote Rijndael and HMAC keys to rc file: /home/user/.fwknoprc
The most common usage of fwknop is to gain access to SSH running on a remote system that has the fwknopd daemon deployed along with a default-drop firewall policy.
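The keys written to the rc file also have to reach the fwknopd side, so the following added example (not part of the original page or the fwknop project) reads one rc-file stanza and prints a matching access.conf stanza, refusing to do so if either key is missing. It goes one step beyond the client command above. The helper names, the stanza layout in the sample file and the key values are constructed assumptions; `SOURCE`, `REQUIRE_SOURCE_ADDRESS`, `KEY_BASE64` and `HMAC_KEY_BASE64` are fwknopd access.conf variables.

```shell
#!/bin/sh
# Added example: key values and the sample stanza layout are constructed placeholders.

# Write a sample rc file shaped like a stanza saved by --save-rc-stanza (assumed layout).
write_sample_rc() {
    cat > "$1" <<'EOF'
[default]

[2.2.2.2]
ACCESS                      tcp/22
SPA_SERVER                  2.2.2.2
KEY_BASE64                  CONSTRUCTEDKEYAAAA=
HMAC_KEY_BASE64             CONSTRUCTEDHMACAAAA=
USE_HMAC                    Y
EOF
}

# The rc file holds both secrets: accept only owner read/write (mode 0600).
rc_perms_ok() {
    [ "$(ls -ld "$1" | cut -c1-10)" = "-rw-------" ]
}

# Print an access.conf stanza for rc-file stanza $2 found in file $1.
# Exits non-zero if the stanza, the encryption key or the HMAC key is absent.
rc_to_access_conf() {
    awk -v want="[$2]" '
        /^\[/ { in_stanza = ($1 == want); next }      # stanza header line
        in_stanza && $1 == "KEY_BASE64"      { key = $2 }
        in_stanza && $1 == "HMAC_KEY_BASE64" { hmac = $2 }
        END {
            if (key == "" || hmac == "") exit 1        # never emit a stanza without HMAC
            print "SOURCE                  ANY"
            print "REQUIRE_SOURCE_ADDRESS  Y"
            print "KEY_BASE64              " key
            print "HMAC_KEY_BASE64         " hmac
        }
    ' "$1"
}

# Demo on the constructed sample file.
tmp_rc=$(mktemp)
write_sample_rc "$tmp_rc"
chmod 600 "$tmp_rc"
rc_perms_ok "$tmp_rc" && rc_to_access_conf "$tmp_rc" 2.2.2.2
rm -f "$tmp_rc"
```

On a real deployment the printed stanza goes into the server's access.conf (by default /etc/fwknop/access.conf) and should be moved there over an already trusted channel, since it contains both secrets.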