How to obscure open ports with knockd


Learn how to obfuscate SSH login with port knocking.

https://www.techrepublic.com/

Say you have Linux servers in your company and you need access to them from either the LAN or WAN, but you’re leery of leaving the SSH ports open. What do you do? One way to secure those ports is to obscure them with a tool called knockd. Knockd implements port knocking, a method of dynamically opening a network port only after a client has first sent connection attempts to a predefined sequence of other ports. With knockd, you define a knocking sequence that, when used, will allow the SSH connection through. It’s like adding a secret knock that must be given before SSH will let you in.

I want to walk you through the installation and usage of knockd. I’ll be demonstrating on Ubuntu Server 19.10, but the process should work fine on any Debian or Ubuntu-based server.


What you’ll need

The only things you’ll need to make this work are:

  • A running instance of Ubuntu Server
  • A Linux client to connect to the server
  • A user with sudo privileges

How to install

There are two pieces of software that must be installed, both of which can be found in the standard repositories. To install these packages, open a terminal window on the server and issue the command:

sudo apt-get install knockd iptables-persistent

That’s it for the installation on the server.

How to configure knockd

Let’s first back up the original knockd configuration file with the command:

sudo mv /etc/knockd.conf /etc/knockd.conf.bak

Now, create a new file with the command:

sudo nano /etc/knockd.conf

In that file paste the following:

[options]
        UseSyslog
        # replace IFACE with the name of the network interface knockd should watch
        Interface = IFACE

[SSH]
        # the ports must be knocked in this order
        sequence = 1100,2200,3300
        # the whole sequence must be completed within this many seconds
        seq_timeout = 15
        # only TCP SYN packets count as knocks
        tcpflags = syn
        start_command = /sbin/iptables -I INPUT -s %IP% -p tcp...
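To make the matching rules of that [SSH] stanza concrete, here is an added Python model of how a knock daemon decides that a source has completed the sequence (example code written for this walkthrough, not code from the article or from knockd itself; the sample events and IP addresses are constructed):

```python
# Added example (not from the article or from knockd itself): a minimal model of
# how knockd matches the [SSH] stanza above. Every TCP SYN the server sees is an
# event (source_ip, dest_port, timestamp). A source must hit the ports of
# "sequence" in order within "seq_timeout" seconds; a knock on any other port
# resets that source's progress, and a stalled sequence starts over.
from dataclasses import dataclass, field

SEQUENCE = [1100, 2200, 3300]   # sequence = 1100,2200,3300 from the page's config
SEQ_TIMEOUT = 15.0              # seq_timeout = 15 (seconds) from the page's config


@dataclass
class KnockTracker:
    sequence: list = field(default_factory=lambda: list(SEQUENCE))
    seq_timeout: float = SEQ_TIMEOUT
    # per-source state: (index of the next expected port, time of the first knock)
    _progress: dict = field(default_factory=dict)

    def observe(self, src_ip: str, port: int, ts: float) -> bool:
        """Feed one SYN event; return True when src_ip has completed the
        sequence (the moment knockd would run start_command with %IP% = src_ip)."""
        idx, started = self._progress.get(src_ip, (0, ts))
        if idx > 0 and ts - started > self.seq_timeout:
            idx, started = 0, ts              # too slow: treat this as a fresh attempt
        if port != self.sequence[idx]:
            self._progress.pop(src_ip, None)  # wrong port (e.g. a port scan): reset
            return False
        idx += 1
        if idx == len(self.sequence):
            self._progress.pop(src_ip, None)  # complete; the next knock starts afresh
            return True
        self._progress[src_ip] = (idx, started)
        return False


def sources_that_opened(events, tracker=None):
    """Run constructed (src_ip, port, ts) events through a tracker and return,
    in order, the sources that completed the knock and would be granted SSH."""
    tracker = tracker or KnockTracker()
    return [ip for ip, port, ts in events if tracker.observe(ip, port, ts)]


if __name__ == "__main__":
    # constructed sample: one correct knock, one out of order, one that times out
    sample = [("10.0.0.5", 1100, 0.0), ("10.0.0.6", 1100, 0.0),
              ("10.0.0.5", 2200, 1.0), ("10.0.0.6", 3300, 1.0),
              ("10.0.0.5", 3300, 2.0), ("10.0.0.7", 1100, 0.0),
              ("10.0.0.7", 2200, 20.0), ("10.0.0.7", 3300, 21.0)]
    print(sources_that_opened(sample))  # ['10.0.0.5']
```

The last two cases show why the seq_timeout and the wrong-port reset matter: a slow or out-of-order knocker, and a sequential port scan that happens to sweep across 1100, 2200 and 3300, never trigger start_command.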
