Google Cloud Platform - knockd fails due to monitoring internal IP


I'm trying to set up port knocking for SSH connections using knockd on Debian 9 on a Google Cloud Platform server.

I've successfully set up port knocking on many servers in the past, but this is my first attempt on a GCP server.

My initial setup yielded unsuccessful results - monitoring the knockd service logs showed the knocks weren't being seen on the server side.

Running knockd with --verbose --debug shows that the Local IP set is the server's internal address. From reading some of the Google docs, I see that the reason eth0 shows only my internal IP address is due to the networking setup used in GCP VM instances.

How can I achieve SSH port knocking on my GCP server with the networking and firewall being managed by Google?

Charles

Posted 2018-01-30T09:04:06.840

Reputation: 5

Try asking this question on Serverfault. – Alex – 2018-02-06T14:08:00.700

Good idea, not sure why I automatically posted here. I may have already sorted it out though; it has to do with the networking and firewall basics of GCP, and once I set the relevant ports, knockd will be able to see the knocks and I'm assuming the external IP will be translated to the internal. – Charles – 2018-02-07T10:47:33.870

Curious: why bother with port knocking? Why not just use keys instead, which are effectively unbreakable? – Alex – 2018-02-07T10:53:24.343

Port knocking on my system is in addition to SSH keys. SSH keys may be unbreakable, but the SSH daemon itself could contain vulnerabilities. Port knocking allows me to leave all ports closed most of the time. – Charles – 2018-03-04T17:21:04.557

No answers