This is a read-only archive. Find the latest Linux articles, documentation, and answers at the new Linux.com!

Linux.com

sniffing port knocks?

Posted by: Anonymous [ip: 198.36.89.8] on May 20, 2008 02:18 PM
The article doesn't go into this but what I want to know is whether the key is encryted, used as a hash, etc. or is it just sent in the clear with the port knock? If it clear text, what stops anyone sniffing the connection from noticing that ssh sessions are preceeded by our key bearing portknock, and simply replaying the knock/key?

#

Return to Fwknop and single packet authorization