I did not see any information on SSH Server Port Obfuscation, or on Port Knocking. Are there any plans to implement this? Or can I do it on my own in my code, before the SSH server gets called into... etc...

Thx, CodeChaser

asked Jun 14 at 15:45

CodeChaser


By SSH Server Port Obfuscation, I assume you need the ability to connect to an SSH server listening on a port other than 22? If so, then it's just a matter of passing the required port number in the 2nd argument to the Ssh.Connect method. (The same applies for SFTP.)

Regarding port knocking... My understanding is this: "Port knocking is a stealth method to externally open ports that, by default, the firewall keeps closed. It works by requiring connection attempts to a series of predefined closed ports. When the correct sequence of port "knocks" (connection attempts) is received, the firewall opens certain port(s) to allow a connection."

If this is true, then from the client side, it would simply be a matter of calling Connect for each of the "knocks" prior to calling Connect for the actual port. Your app could set the ConnectTimeoutMs property to a very small value for each of the knocks.

answered Jun 15 at 12:40

chilkat ♦♦
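
The client-side knock sequence described in the answer above, as an added example that is not part of the original thread and does not use Chilkat's API: plain Python sockets stand in for Connect with a small ConnectTimeoutMs. The address, the knock ports, the service port and the `SimulatedFirewall` class are constructed so the block runs offline.

```python
import socket
import time

def knock(host, ports, timeout=0.2, delay=0.05, connect=socket.create_connection):
    """Make one short TCP connection attempt to each knock port, in order.

    Knock ports are closed by design, so a timeout (SYN dropped) or a refusal
    (RST) is the expected outcome; the firewall has still seen the attempt.
    """
    outcomes = []
    for port in ports:
        try:
            connect((host, port), timeout).close()
            outcomes.append((port, "open"))      # unexpected for a knock port
        except (socket.timeout, TimeoutError):
            outcomes.append((port, "timeout"))
        except ConnectionRefusedError:
            outcomes.append((port, "refused"))
        time.sleep(delay)                        # small gap between separate attempts
    return outcomes

def connect_after_knock(host, knock_ports, service_port, service_timeout=5.0,
                        connect=socket.create_connection, **knock_args):
    """Knock, then open the real connection; fail clearly if the port stayed closed."""
    outcomes = knock(host, knock_ports, connect=connect, **knock_args)
    try:
        return connect((host, service_port), service_timeout), outcomes
    except OSError as exc:
        raise ConnectionError(
            f"port {service_port} still closed after knocks {outcomes}") from exc

class SimulatedFirewall:
    """Constructed stand-in for a knock-protected host (no network traffic)."""
    def __init__(self, sequence, service_port):
        self.sequence, self.service_port, self.seen = list(sequence), service_port, []

    def connect(self, address, timeout):
        port = address[1]
        if port == self.service_port and self.seen[-len(self.sequence):] == self.sequence:
            return socket.socket()               # unconnected socket standing in for the session
        self.seen.append(port)
        raise socket.timeout("dropped")          # closed port: the attempt is silently dropped

if __name__ == "__main__":
    fw = SimulatedFirewall([7000, 8000, 9000], 2222)   # constructed sequence and port
    sock, outcomes = connect_after_knock("192.0.2.10", [7000, 8000, 9000], 2222,
                                         connect=fw.connect, delay=0)
    print(outcomes)
    sock.close()
```

Against a real host, omit the `connect=` argument so `socket.create_connection` is used; the knock order and the service port must match what the firewall is configured to expect.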

Thanks for the quick answer...

Port knocking, thx makes sense!

Port Obfuscation is used to try and hide the protocol of a given port, i.e. the banner in a sense. Below is a more detailed explanation...

In short, an ssh connection starts with a handshake between client and server, which is performed in clear text. The purpose of obfuscating the openssh handshake is to make it more difficult for traffic analysis tools to identify this process. Consequently, blocking, interfering or eavesdropping application(s) or mechanism(s) that target ssh traffic by relying on such identification will not be triggered. More difficult, but not impossible, especially if obfuscation is performed without using a keyword (see configuration and securing below). In addition, there definitely exist other methods of identifying ssh traffic, so handshake obfuscation may not solve all your problems.

answered Jun 15 at 16:04

CodeChaser
