Due to a security restriction, a client is asking me to enable portknocking on Clear Linux, does this service exist in a bundle?
There is no knockd bundle. You should be able to compile it yourself.
You can also request it be added to Clear Linux here: https://github.com/clearlinux/distribution/issues/new/choose though you may see some resistance since this falls under security through obscurity and it looks like the package hasn’t seen regular updates, historically.
It may help if you could elaborate what the “restriction” is that you need to work with. Because of what @puneetse wrote, and due to clearlinux already using tallow, tools like knockd don’t really add much security. You could always change the SSH port if you need (see:
Thanks for the prompt response. Giving more information about the technical security restrictions of our client: they indicate that they configure a separate portknocking sequence for each edge computing device deployed, so the access by certified ssh is also restricted by the activation of an independent sequence. Additionally, the client configures the service so that it is open only 1 minute after the portknocking sequence. The ssh port is raised on a random port that is communicated to the operator console by the edge device using a MQTT / TLS channel. During that minute, ansible tasks access machines and apply patches and perform software updates. This is why the portknocking service is important to us. By the way, with this functionality, Tallow is not a possible alternative.
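As an added illustration (not posted by anyone in this thread), the behaviour described above, a per-device knock sequence that opens the SSH port for one minute and then closes it again, maps directly onto a knockd.conf using knockd's start_command / cmd_timeout / stop_command keywords. The knock ports, the interface name, the iptables path and the SSH port are placeholders to be replaced with each device's own values; the post says the real SSH port is random and announced over MQTT/TLS, so the port below is only a stand-in.

```ini
# knockd.conf - added example, not from the thread or the knockd project.
# One knockd instance per edge device, each with its own sequence.
[options]
	UseSyslog                       # log knocks to syslog for auditing
	interface = eth0                # placeholder: the device's real NIC name

[opensshOneMinute]
	# Placeholder sequence; the deployment uses a different one per device.
	sequence      = 7000:tcp,8000:udp,9000:tcp
	seq_timeout   = 10              # whole sequence must arrive within 10 s
	tcpflags      = syn             # only count fresh SYNs as knock packets
	# %IP% is substituted by knockd with the knocking host's address, so only
	# that host gets through. 2222 is a placeholder for the randomised SSH port.
	start_command = /usr/sbin/iptables -I INPUT -s %IP% -p tcp --dport 2222 -j ACCEPT
	# Window length from the post: the port is open for 1 minute, then the
	# rule is removed again automatically.
	cmd_timeout   = 60
	stop_command  = /usr/sbin/iptables -D INPUT -s %IP% -p tcp --dport 2222 -j ACCEPT
```

Because the ACCEPT rule is scoped to %IP% and removed after 60 seconds, the Ansible controller that sent the knock is the only host that can reach sshd, and only inside that window; the default INPUT policy for the SSH port must still be DROP for this to mean anything, and UseSyslog gives you a per-knock audit trail to correlate with the Ansible run.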
What port-knocking software are you actually using for this solution?