Thread: Crontab to open specific ports

  1. #1
    Join Date
    Feb 2007
    Beans
    30

    Crontab to open specific ports

    I know this sounds absurd just by reading the title, but hear me out. I am trying to find an elegant way to add a crontab to open a specific inbound port(s) every once in a while on my server.

    Why? Port knocking. In essence, I am actually opening a port to ensure that another port is closed *almost* all the time. Make sense now? Good.

    I am trying to get some ideas on how to accomplish this without a lot of overhead and/or more security risks. So far all I have come up with is running a crontab to SSH to the server using the port. I don't like this idea though and it wasn't working when I tried it earlier.

    Google almost has no relevant returns to this subject. Most of them are about closing open ports, oh the irony. Not really asking for code, just wondering if anyone has any other ideas on how to implement this since my last method wasn't working.

  2. #2
    Aearenda
    Join Date
    Apr 2006
    Location
    Melbourne, Australia
    Beans
    1,109
    Distro
    Ubuntu 16.04 Xenial Xerus

    Re: Crontab to open specific ports

    You should be able to do that with 'ufw', which is installed by default in Ubuntu.

    However, to avoid re-inventing the wheel, take a look at this discussion, this thread, and this page.

    Personally, I find that the use of a mandatory RSA key along with a high port for SSH is secure enough.

  3. #3
    Join Date
    Mar 2007
    Location
    Denver, CO
    Beans
    7,958
    Distro
    Ubuntu Mate 16.04 Xenial Xerus

    Re: Crontab to open specific ports

    Take a look at the fwknop port knocking application. It sounds like what you want. The implementation would be a lot more secure than just randomly opening up a port at a set interval for a period of time.

  4. #4
    Join Date
    Sep 2006
    Beans
    8,627
    Distro
    Ubuntu 14.04 Trusty Tahr

    port knocking

    Originally posted by kevdog:
    "Take a look at the fwknop port knocking application."

    These two documents help with that:

    https://help.ubuntu.com/community/PortKnocking

    https://help.ubuntu.com/community/Si...tAuthorization

    If it is a matter of restricting access to certain minutes or hours, then
    xinetd can be used by not running sshd standalone:

    Code:
    update-rc.d ssh remove

    Then configure the file xinetd.d/ssh:

    Code:
    service ssh
    {
            socket_type     = stream
            protocol        = tcp
            wait            = no
            user            = root
            server          = /usr/sbin/sshd
            server_args     = -i
            per_source      = UNLIMITED
            log_on_success  = USERID HOST DURATION
            access_times    = 9:00-9:30 12:00-16:00
    }
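
A way to check which connection times the access_times value in the post above admits, so a window can be verified before sshd is moved behind xinetd. This is an added example, not part of the original thread; the function names are hypothetical, and it assumes both ends of each window are inclusive to the minute and treats a window whose start is after its end as a configuration error.

```sh
#!/bin/sh
# Added example: test a clock time against an xinetd-style access_times value.

# to_minutes "H:MM" -> prints minutes since midnight; returns 1 if malformed.
to_minutes() {
    case $1 in
        [0-9]:[0-9][0-9]|[0-9][0-9]:[0-9][0-9]) ;;
        *) return 1 ;;
    esac
    tm_h=${1%%:*}
    tm_m=${1#*:}
    # Drop one leading zero so 08 and 09 are not parsed as invalid octal.
    case $tm_h in 0?) tm_h=${tm_h#0} ;; esac
    tm_m=${tm_m#0}
    [ "$tm_h" -le 23 ] && [ "$tm_m" -le 59 ] || return 1
    echo $(( tm_h * 60 + tm_m ))
}

# in_access_times "HH:MM" "start-end [start-end ...]"
# returns 0 = inside a window, 1 = outside every window, 2 = malformed input.
in_access_times() {
    at_now=$(to_minutes "$1") || return 2
    at_rc=1
    for at_win in $2; do
        case $at_win in *-*) ;; *) return 2 ;; esac
        at_start=$(to_minutes "${at_win%%-*}") || return 2
        at_end=$(to_minutes "${at_win#*-}") || return 2
        # Assumption: a backwards window is a mistake, not a wrap past midnight.
        [ "$at_start" -le "$at_end" ] || return 2
        if [ "$at_now" -ge "$at_start" ] && [ "$at_now" -le "$at_end" ]; then
            at_rc=0
        fi
    done
    return $at_rc
}

# Windows copied from the xinetd.d/ssh file above; the probe times are constructed.
WINDOWS="9:00-9:30 12:00-16:00"
for t in 08:59 09:00 09:30 09:31 12:00 16:00 16:01; do
    if in_access_times "$t" "$WINDOWS"; then
        echo "$t  allowed"
    else
        echo "$t  refused"
    fi
done
```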
