Atlantic.Net Blog

How to Secure SSH Service with Port Knocking

By Hitesh Jethva (Atlantic.Net), under Tutorials, VPS Hosting

If you want to allow users to access specific services on your server without opening a port in the firewall, you can use port knocking. Port knocking is a method of hiding a service from unauthorized users: the firewall keeps the port closed and only opens it for a client after it receives a correct sequence of connection attempts on predefined ports.

In this post, we will secure the open SSH port 22 with port knocking. The port will only be opened for a client when that client requests the ports 7000, 8000, 9000 in sequence.

Prerequisites

  • An Ubuntu 20.04 server on the Atlantic.Net Cloud Platform
  • A root password configured on your server

Step 1 – Create Atlantic.Net Cloud Server

First, log in to your Atlantic.Net Cloud Server. Create a new server, choosing Ubuntu 20.04 as the operating system with at least 2GB RAM. Connect to your Cloud Server via SSH and log in using the credentials highlighted at the top of the page.

Once you are logged in to your Ubuntu 20.04 server, run the following command to update your base system with the latest available packages.

apt-get update -y

Step 2 – Install and Configure Knockd

The knockd package is available in the default Ubuntu 20.04 repository. You can install it using the following command:

apt-get install knockd -y

Once the package is installed, edit the port knocking default configuration file:

nano /etc/knockd.conf

Find the default sequences shown below (the first under the [openSSH] section, the second under [closeSSH]):

        sequence    = 7000,8000,9000
        sequence    = 9000,8000,7000

And replace them with the following sequence:

        sequence    = 7777,8888,9999
        sequence    = 9999,8888,7777

Also, find the following line:

        command     = /sbin/iptables -A INPUT -s %IP% -p tcp --dport 22 -j ACCEPT

And replace it with the following line, which inserts the ACCEPT rule at the top of the INPUT chain (-I) instead of appending it (-A). This matters because the rule rejecting port 22 that you add in Step 3 is appended to the chain, and iptables stops at the first matching rule: an ACCEPT appended below that REJECT would never be reached.

        command     = /sbin/iptables -I INPUT -s %IP% -p tcp --dport 22 -j ACCEPT

Save and close the file when you are finished.

In the above configuration file, the sequence 7777, 8888, 9999 is used to open port 22 for a client system, and the sequence 9999, 8888, 7777 is used to close port 22 for a client system.
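The -I versus -A point above is easy to get wrong and silently leaves port 22 blocked after a correct knock. The following check is an added example, not part of the original tutorial or of knockd: it parses lines in the format printed by `iptables -S INPUT` and reports per-IP port-22 ACCEPT rules that sit below the catch-all REJECT/DROP and therefore never match. The rule listings and the client address 203.0.113.5 are constructed samples.

```python
import re
import subprocess
from typing import List

# Constructed sample of `iptables -S INPUT` after a knock while knockd still
# uses `-A`: the per-IP ACCEPT is appended BELOW the REJECT, so it never matches.
RULES_WITH_APPEND = [
    "-P INPUT ACCEPT",
    "-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT",
    "-A INPUT -p tcp -m tcp --dport 22 -j REJECT --reject-with icmp-port-unreachable",
    "-A INPUT -s 203.0.113.5/32 -p tcp -m tcp --dport 22 -j ACCEPT",
]

# The same chain after a knock with the tutorial's `-I` fix (ACCEPT at the top).
RULES_WITH_INSERT = [
    "-P INPUT ACCEPT",
    "-A INPUT -s 203.0.113.5/32 -p tcp -m tcp --dport 22 -j ACCEPT",
    "-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT",
    "-A INPUT -p tcp -m tcp --dport 22 -j REJECT --reject-with icmp-port-unreachable",
]

# Per-source ACCEPT for port 22 (what knockd adds) and the source-less catch-all.
SSH_ACCEPT = re.compile(r"^-A INPUT -s (\S+) .*--dport 22 .*-j ACCEPT$")
SSH_REJECT = re.compile(r"^-A INPUT (?!-s ).*--dport 22 .*-j (REJECT|DROP)")


def shadowed_ssh_accepts(rules: List[str]) -> List[str]:
    """Return the sources whose port-22 ACCEPT is listed after the catch-all
    REJECT/DROP. iptables is first-match, so those ACCEPTs are dead rules."""
    reject_at = next((i for i, r in enumerate(rules) if SSH_REJECT.match(r)), None)
    if reject_at is None:
        return []  # no blocking rule at all: nothing can be shadowed
    shadowed = []
    for i, rule in enumerate(rules):
        m = SSH_ACCEPT.match(rule)
        if m and i > reject_at:
            shadowed.append(m.group(1))
    return shadowed


if __name__ == "__main__":
    # Audit the live chain (requires root); prints [] when the ordering is right.
    out = subprocess.run(["iptables", "-S", "INPUT"], capture_output=True,
                         text=True, check=True).stdout
    print("shadowed:", shadowed_ssh_accepts(out.splitlines()))
```

Run it on the server right after a successful knock: a non-empty list means the knockd command still appends and the client will keep getting "Connection refused".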

Next, edit the /etc/default/knockd configuration file:

nano /etc/default/knockd

Change the following lines so that the service starts and listens on your public network interface (replace eth0 with your interface name if it differs):

# Start the Knockd service
START_KNOCKD=1

# Name of your network interface
KNOCKD_OPTS="-i eth0"

Save and close the file when you are finished, then restart the Knockd service and enable it to start at system reboot:

systemctl restart knockd
systemctl enable knockd

Next, verify the status of Knockd service with the following command:

systemctl status knockd

Sample output:

● knockd.service - Port-Knock Daemon
     Loaded: loaded (/lib/systemd/system/knockd.service; disabled; vendor preset: enabled)
     Active: active (running) since Sun 2021-08-15 13:26:31 UTC; 5s ago
       Docs: man:knockd(1)
   Main PID: 6555 (knockd)
      Tasks: 1 (limit: 2353)
     Memory: 296.0K
     CGroup: /system.slice/knockd.service
             └─6555 /usr/sbin/knockd -i eth0

Aug 15 13:26:31 ubuntu2004 systemd[1]: Started Port-Knock Daemon.
Aug 15 13:26:31 ubuntu2004 knockd[6555]: starting up, listening on eth0

Step 3 – Install and Configure Iptables

Knockd uses iptables rules to open and close the SSH port, so you will need the iptables package installed on your server.

Run the following command to install the Iptables package:

apt-get install iptables iptables-persistent -y

Once the packages are installed, create iptables rules that keep already-established connections (including your current SSH session) alive and reject all new connections to SSH port 22:

iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j REJECT

Next, save the iptables rules so they persist across reboots, and reload them with the following commands:

netfilter-persistent save
netfilter-persistent reload

At this point, port knocking is configured for OpenSSH on your server.

Step 4 – Check OpenSSH Connection from Client System

Next, go to the client system and check whether OpenSSH port 22 is blocked.

You can check it with the nmap command:

nmap your-server-ip

You should see that port 22 is reported as filtered on the server:

Nmap scan report for your-server-ip
Host is up (0.38s latency).
Not shown: 998 closed ports
PORT   STATE    SERVICE
21/tcp open     ftp
22/tcp filtered ssh
Nmap done: 1 IP address (1 host up) scanned in 277.58 seconds

Now, try to connect to your server using SSH from the client machine:

ssh root@your-server-ip

You should see a connection refused message:

ssh: connect to host your-server-ip port 22: Connection refused

Step 5 – Configure the Knock Client to Connect to the SSH Server

Now you will need to install the knock client on the client system in order to connect to the SSH server.

First, run the following command to install the knockd package, which also provides the knock client:

apt-get install knockd -y

Now send the following knock sequence to open SSH port 22 on the server:

knock -v your-server-ip 7777 8888 9999

When the server receives the correct sequence defined in the knockd configuration file, it opens SSH port 22 for your client machine's IP address, and you will be able to connect to the SSH server:

ssh root@your-server-ip

After completing your task on the remote SSH server, send the following sequence from the client machine to close SSH port 22 again:

knock -v your-server-ip 9999 8888 7777
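To make the server side of this exchange concrete, here is an added example (not part of the tutorial and not knockd's code) that models how knockd matches the open and close sequences above per source address: each [section] is tracked independently, one correct port advances a stage, a wrong port resets the attempt, and an attempt that does not finish within seq_timeout (5 seconds in the shipped config) is discarded. The model is a simplification of knockd's behaviour, and the traffic in demo() is constructed.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple

OPEN_SEQ = (7777, 8888, 9999)   # [openSSH] sequence from the tutorial
CLOSE_SEQ = (9999, 8888, 7777)  # [closeSSH] sequence from the tutorial
SEQ_TIMEOUT = 5.0               # seconds; knockd's seq_timeout in the shipped config

@dataclass
class KnockModel:
    """Simplified model of knockd's per-source matching: each [section] is tracked
    independently, a correct port advances one stage, a wrong port resets the
    attempt, and an attempt not finished within seq_timeout is discarded."""
    progress: Dict[Tuple[str, tuple], Tuple[int, float]] = field(default_factory=dict)
    opened: Set[str] = field(default_factory=set)   # sources currently allowed on port 22
    events: List[str] = field(default_factory=list)

    def _advance(self, src: str, seq: tuple, port: int, now: float) -> bool:
        key = (src, seq)                      # one attempt per (source, section)
        stage, started = self.progress.get(key, (0, now))
        if now - started > SEQ_TIMEOUT:       # stale attempt: start over
            stage, started = 0, now
        if port != seq[stage]:                # wrong port: attempt is reset
            self.progress.pop(key, None)
            return False
        stage += 1
        if stage == len(seq):                 # whole sequence seen inside the window
            self.progress.pop(key, None)
            return True
        self.progress[key] = (stage, started)
        return False

    def knock(self, src: str, port: int, now: float) -> None:  # one SYN from src
        if self._advance(src, OPEN_SEQ, port, now):
            self.opened.add(src)              # knockd would run the iptables -I command
            self.events.append(f"{now:.1f} {src} OPEN")
        if self._advance(src, CLOSE_SEQ, port, now):
            self.opened.discard(src)          # knockd would run the iptables -D command
            self.events.append(f"{now:.1f} {src} CLOSE")

def demo() -> KnockModel:                     # constructed traffic from two clients
    m = KnockModel()
    for i, p in enumerate(OPEN_SEQ):                  # correct, 0.2 s apart -> OPEN
        m.knock("203.0.113.5", p, 10.0 + i * 0.2)
    for i, p in enumerate(CLOSE_SEQ):                 # reverse sequence -> CLOSE
        m.knock("203.0.113.5", p, 20.0 + i * 0.2)
    for i, p in enumerate((7777, 7778, 8888, 9999)):  # sequential scan: 7778 resets it
        m.knock("198.51.100.9", p, 30.0 + i * 0.2)
    for i, p in enumerate(OPEN_SEQ):                  # right ports, 4 s apart -> too slow
        m.knock("198.51.100.9", p, 40.0 + i * 4.0)
    return m
```

The two failing attempts show why the sequence must be both exact and fast: a port-by-port scan passes through 7777 but is reset by the next port, and the correct ports spread over more than seq_timeout never complete.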

Conclusion

In this guide, you learned how to secure an SSH server with port knocking. You can use the same method to secure other ports on a Linux server. Try it on VPS hosting from Atlantic.Net!
