How to Use Port Knocking To Secure SSH Service in Linux
Jul 14, 2025 am 09:20 AM
Port Knocking is a nifty technique of controlling access to a port by only allowing legitimate users access to the service running on a server. It works in such a way that when the right sequence of connection attempts is made, the firewall gladly opens the port that was closed.
The logic behind port knocking is to safeguard your Linux system from automated port scanners which prowl for open ports. In this guide, we examine how you can install port knocking and how you can configure it to secure SSH service. For demonstration purposes, we will use Ubuntu 18.04.
Step 1: Install and Configure knockd
To get started, log in to your Linux system and install the knockd daemon as shown.
$ sudo apt install knockd
Once installed, open the knockd.conf configuration with your preferred text editor. Here, we are using the vim command-line text editor.
$ sudo vim /etc/knockd.conf
The default configuration file appears as follows.
Under the [openSSH] section, we need to change the default knocking sequence – 7000,8000,9000 – to something else. This is because these values are already known and can compromise the security of your system.
For testing purposes, we have set the values to 10005, 10006, 10007. This is the sequence that will be used to open the SSH port from a client system.
In the third line – beginning with command, change -A to -I just after the /sbin/iptables command and before INPUT.
And lastly, under the [closeSSH] section, again, change the default sequence to your preferred choice. This is the sequence that will be used to close the SSH connection once the user is done and logs out of the server.
Here’s our complete configuration.
Once you are done, save the changes and exit.
Another configuration we need to modify is the /etc/default/knockd. Once again, open it using your text editor.
$ sudo vim /etc/default/knockd
Locate the line START_KNOCKD=0. Uncomment it and set the value to 1.
Next, head over to the line KNOCKD_OPTS=”-i eth1” Uncomment it and replace the default eth1 value with the active network interface of your system. To check your network interface simply run the ip addr or the ifconfig command.
For our system, enp0s3 is the active network card.
The complete configuration is as shown.
Save the changes and exit.
Then start and enable knockd daemon as shown.
$ sudo systemctl start knockd $ sudo systemctl enable knockd
To check the status of knockd daemon, run the command:
$ sudo systemctl status knockd
Step 2: Close SSH Port 22 On Firewall
Since the objective of the knockd service is to either grant or deny access to ssh service, we are going to close the ssh port on the firewall. But first, let’s check the status of the UFW firewall.
$ sudo ufw status numbered
From the output, we can clearly see that SSH port 22 is open on both IPv4 and IPv6 protocols numbered 5 and 9 respectively.
We need to delete these two rules as shown, starting with the highest value – which is 9.
$ sudo ufw delete 9 $ sudo ufw delete 5
Now, if you attempt to log in remotely to the server, you will get a connection timeout error as shown.
Step 3: Configure a knock client to Connect to SSH Server
In the final step, we will configure a client and attempt to log in by first sending the knock sequence that we configured on the server.
But first, install knockd daemon just as you did on the server.
$ sudo apt install knockd
Once the installation is complete, send the knock sequence using the syntax shown
$ knock -v server_ip knock_sequence
In our case, this translates to:
$ knock -v 192.168.2.105 10005 10006 10007
You should get output similar to what we have, depending on your sequence. This shows that the knock attempts were successful.
At this point, you should be in a position to successfully log in to the server using SSH.
Once you are done doing your job on the remote server, close the SSH port by sending the closing knock sequence.
$ knock -v 192.168.2.105 10007 10006 10005
Any attempts to log in to the server will fail as demonstrated.
Closing Thoughts
This wraps up this guide on how to leverage port knocking to secure the SSH service on your server. A better and easier approach would be to configure password SSH authentication using SSH key pairs. This ensures that only the user with the private key can authenticate with the server on which the public key is stored.
The above is the detailed content of How to Use Port Knocking To Secure SSH Service in Linux. For more information, please follow other related articles on the PHP Chinese website!
Hot AI Tools
Undress AI Tool
Undress images for free
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
5 Best Open Source Mathematical Equation Editors for Linux
Jun 18, 2025 am 09:28 AM
Are you looking for good software to write mathematical equations? If so, this article provides the top 5 equation editors that you can easily install on your favorite Linux distribution.In addition to being compatible with different types of mathema
SCP Linux Command – Securely Transfer Files in Linux
Jun 20, 2025 am 09:16 AM
Linux administrators should be familiar with the command-line environment. Since GUI (Graphical User Interface) mode in Linux servers is not commonly installed.SSH may be the most popular protocol to enable Linux administrators to manage the servers
Gogo - Create Shortcuts to Directory Paths in Linux
Jun 19, 2025 am 10:41 AM
Gogo is a remarkable tool to bookmark directories inside your Linux shell. It helps you create shortcuts for long and complex paths in Linux. This way, you no longer need to type or memorize lengthy paths on Linux.For example, if there's a directory
What is a PPA and how do I add one to Ubuntu?
Jun 18, 2025 am 12:21 AM
PPA is an important tool for Ubuntu users to expand their software sources. 1. When searching for PPA, you should visit Launchpad.net, confirm the official PPA in the project official website or document, and read the description and user comments to ensure its security and maintenance status; 2. Add PPA to use the terminal command sudoadd-apt-repositoryppa:/, and then run sudoaptupdate to update the package list; 3. Manage PPAs to view the added list through the grep command, use the --remove parameter to remove or manually delete the .list file to avoid problems caused by incompatibility or stopping updates; 4. Use PPA to weigh the necessity and prioritize the situations that the official does not provide or require a new version of the software.
Install LXC (Linux Containers) in RHEL, Rocky & AlmaLinux
Jul 05, 2025 am 09:25 AM
LXD is described as the next-generation container and virtual machine manager that offers an immersive for Linux systems running inside containers or as virtual machines. It provides images for an inordinate number of Linux distributions with support
How to create a file of a specific size for testing?
Jun 17, 2025 am 09:23 AM
How to quickly generate test files of a specified size? It can be achieved using command line tools or graphical software. On Windows, you can use fsutilfilecreatenew file name size to generate a file with a specified byte; macOS/Linux can use ddif=/dev/zeroof=filebs=1Mcount=100 to generate real data files, or use truncate-s100M files to quickly create sparse files. If you are not familiar with the command line, you can choose FSUtilGUI, DummyFileGenerator and other tool software. Notes include: pay attention to file system limitations (such as FAT32 file size upper limit), avoid overwriting existing files, and some programs may
NVM - Install and Manage Multiple Node.js Versions in Linux
Jun 19, 2025 am 09:09 AM
Node Version Manager (NVM) is a simple bash script that helps manage multiple Node.js versions on your Linux system. It enables you to install various Node.js versions, view available versions for installation, and check already installed versions.NV
How to install Linux alongside Windows (dual boot)?
Jun 18, 2025 am 12:19 AM
The key to installing dual systems in Linux and Windows is partitioning and boot settings. 1. Preparation includes backing up data and compressing existing partitions to make space; 2. Use Ventoy or Rufus to make Linux boot USB disk, recommend Ubuntu; 3. Select "Coexist with other systems" or manually partition during installation (/at least 20GB, /home remaining space, swap optional); 4. Check the installation of third-party drivers to avoid hardware problems; 5. If you do not enter the Grub boot menu after installation, you can use boot-repair to repair the boot or adjust the BIOS startup sequence. As long as the steps are clear and the operation is done properly, the whole process is not complicated.
