Archived Forum Post

Index of archived forum posts


SSH Server Port Obfuscation, Also Port Knocking

Jun 15 '16 at 16:04

I did not see any information on SSH Server Port Obfuscation, Also Port Knocking, are there any plans to implement this. Or can I do it on my own in my code, before the SSH server gets called into... etc...

Thx, CodeChaser


By SSH Server Port Obfuscation, I assume you need the ability to connect to an SSH server listening on a port other than 22? If so, then it's just a matter of passing the required port number in the 2nd argument to the Ssh.Connect method. (The same applies for SFTP.)

Regarding port knocking... My understanding is this: "Port knocking is a stealth method to externally open ports that, by default, the firewall keeps closed. It works by requiring connection attempts to a series of predefined closed ports. When the correct sequence of port "knocks" (connection attempts) is received, the firewall opens certain port(s) to allow a connection. "

If this is true, then from the client side, it would simply be a matter of calling Connect for each of the "knocks" prior to calling Connect for the actual port. Your app could set the ConnectTimeoutMs property to a very small value for each of the knocks.


Thanks for the quick answer...

Port knocking, thx makes sense!

====== Port Obfuscation is used to try and hide the protocol of a given port, i,e, the banner in a sense. Below is more detailed explanation...

In short, ssh connection starts with a handshake between client and server, which is performed in clear text. The purpose of obfuscating openssh handshake is to make it more difficult for traffic analysis tools to identify this process. Consequently, blocking, interfering or eavesdropping application(s) or mechanism(s) that target ssh traffic by relying on such identification will not be triggered. More difficult, but not impossible, especially if obfuscation is performed without using a keyword (see configuration and securing below). In addition, there definitely exist other methods of identifying ssh traffic, so handshake obfuscation may not solve all your problems.