[TriLUG] Denyhosts and Custom Regex

James Tuttle jjtuttle at trilug.org
Thu Nov 13 07:14:34 EST 2008


There are many public wifi spots that limit outgoing connections to TCP
port 80.  I've tried connecting to other well-known ports like 443,
8080, and 25, without success.  I'd like to have a reliable way to
create a secure connection and port 80 is the one port that is always
available.

James

Kevin Kreamer wrote:
> James,
> 
> Why not run sshd on a high-numbered port?  While the access points in
> question might limit ports like 22, they usually stop limiting at port 1024.
> (Obviously, your mileage may vary).
> 
> Something like 8080 is traditional; something like 8763 is a bit more
> obscure.
> 
> Kevin
> 
> On Fri, Nov 7, 2008 at 12:10, Jim Tuttle <jjtuttle at trilug.org> wrote:
> 
>> Hi Alan,
>>
>> The use case is that often I find myself behind wireless access points
>> in public places that limit outgoing traffic to port 80.  That's the
>> reason for running SSHD on port 80.  If I had access to other ports I'd
>> just run SSHD on one of those less obvious ports.
>>
>> Thanks, though.  I had considered knockd for other applications.
>>
>> James
>>
>> Alan Porter wrote:
>>>> The why isn't related to the how that I questioned the list about,
>>>> but I'm game.  I want to lock it down to reduce the chance that I
>>>> get nailed by campus IT.
>>> You might want to consider using "knockd" on that SSHD/80 port.  You
>>> can set up your clients to use the knock client automatically in your
>>> ~/.ssh/config files.
>>>
>>> It's surprisingly easy to set up.  It listens on a handful of ports
>>> that you choose (UDP or TCP), and then it sets up some iptables rules
>>> to open and close the SSHD port.  It's pretty sweet.
>>>
>>> That way, your campus IT will find nothing at all.
>>>
>>> Alan
>>>
>>>
>>
>> --
>> --
>> ---Jim Tuttle
>> ------------------------------------------------------
>> http://www.braggtown.com
>> PGP Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x69B69B08
>>
>>


--
---Jim Tuttle
------------------------------------------------------
http://www.braggtown.com
PGP Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x69B69B08



