Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
[CLOSED] Hiding open ports (ssh) via virtual interface (and
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
jannis
Guru
Guru


Joined: 05 Dec 2004
Posts: 340
Location: Germany / Bavaria / Aschaffenburg

PostPosted: Tue Nov 06, 2012 11:55 am    Post subject: [CLOSED] Hiding open ports (ssh) via virtual interface (and Reply with quote

Hi there,

yesterday I had some funny idea: I'm running a dedicated hosted server with a static, public IPv4-address and use ssh to administer it. If you don't want port 22 to be seen as "open" from the outside there are some possibilities:
- Move sshd to another port
- Use port-knocking so that the port will be opened only for a short while (or one connection) when a specific connect-sequence has reached the server

And my idea now is:
- create a virtual network interface on the server (ip tuntap add mode tun)
- set any non-public (not routed on the internet) IPv4-address on that interface (ip addr add 192.168.123.1/24 dev tun0)
- activate that interface (ifconfig tun0 up)
- config sshd to only bind to that IP-address of the virtual interface and restart/reload sshd
- On the machines you want to connect to the server, add a new route (route add -net 192.168.123.0/24 gw <PUBLIC IP or DOMAIN/HOSTNAME>)

Then you can connect to the server using the virtual IP-address (ssh user@192.168.123.1) and the port won't be seen while port scanning

Initially I expected to configure as masquerading NAT from the physical interface of the server (eth0) to the virtual one (tun0) but that doesn't seem to be necessary.

Now a question to all network/firewalling/security-pros out there: Do I open up any security-hole that way? How do you like the idea?


Last edited by jannis on Tue Nov 06, 2012 5:04 pm; edited 1 time in total
Back to top
View user's profile Send private message
eccerr0r
Watchman
Watchman


Joined: 01 Jul 2004
Posts: 9645
Location: almost Mile High in the USA

PostPosted: Tue Nov 06, 2012 2:20 pm    Post subject: Reply with quote

You don't necessarily have root on all machines you want to connect from, and routers will not necessarily know how to route packets properly to a private net unless you happen to be on the same net - and thus don't need to route?

You might well just firewall everything off and use VPN to connect.

I just leave sshd open and let the storm pass. Just hoping people all have good passwords...
_________________
Intel Core i7 2700K/Radeon R7 250/24GB DDR3/256GB SSD
What am I supposed watching?
Back to top
View user's profile Send private message
py-ro
Veteran
Veteran


Joined: 24 Sep 2002
Posts: 1734
Location: Velbert

PostPosted: Tue Nov 06, 2012 2:28 pm    Post subject: Reply with quote

Most routers will ignore your provided route and just discard your packages.
Back to top
View user's profile Send private message
jannis
Guru
Guru


Joined: 05 Dec 2004
Posts: 340
Location: Germany / Bavaria / Aschaffenburg

PostPosted: Tue Nov 06, 2012 5:03 pm    Post subject: Reply with quote

Okay, you are both correct, I didn't really think about the routers in between my client machine and the server. Thanks for your clarification :)
Back to top
View user's profile Send private message
eccerr0r
Watchman
Watchman


Joined: 01 Jul 2004
Posts: 9645
Location: almost Mile High in the USA

PostPosted: Tue Nov 06, 2012 8:52 pm    Post subject: Reply with quote

VPN should be what you want. It basically does exactly that, transfers from your machine to the server in a tunnel without worrying about the network. The server has its own private address space associated with the VPN, on which the server only listens to ssh on. So if the attacker has no VPN access=no ssh access either. Plus it's an encrypted tunnel, to boot!

Again I just let ssh do what it does. But I also have VPN that I can use, and it uses a certificate system that I can revoke access to if I lose a key.
_________________
Intel Core i7 2700K/Radeon R7 250/24GB DDR3/256GB SSD
What am I supposed watching?
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum