Contained in this post is an overview / downloadable .tgz file for a web knocking application I wrote called wwwknock. It is the product of discussion on this thread.
I have thoroughly tested wwwknock, but there is always the possibility for insidious bugs, so if you're going to try it out be sure to do so in a low-risk test environment first! (I currently have deployed it on one production FreeBSD host and one production Fedora host; I'm continuing to keep an eye on it.)
Included in the .tgz are three important pieces of documentation (README, LICENSE, and INSTALL), the first of which I will post below.
wwwknock/README
If you try it out, feel free to leave comments / suggestions here. If I submit any bug fixes at a later date, I'll post a patch on this thread.
I have thoroughly tested wwwknock, but there is always the possibility for insidious bugs, so if you're going to try it out be sure to do so in a low-risk test environment first! (I currently have deployed it on one production FreeBSD host and one production Fedora host; I'm continuing to keep an eye on it.)
Included in the .tgz are three important pieces of documentation (README, LICENSE, and INSTALL), the first of which I will post below.
wwwknock/README
Code:
wwwknock is an implementation of the concept of "web knocking".
The gist of it goes like this:
1. client connects to wwwknock web application with a web browser, a la:
http://host.here/knock
2. client is prompted for authentication credentials
3. upon entering said credentials correctly, an "allow" entry containing
client's IP address is added, allowing ssh access
-------
wwwknock requires a few basic pieces to work:
* apache web server (tested on v2.x and later)
* mod_python (tested on v3)
* tcp wrappers support compiled into sshd (very common on most OSes)
To confirm the tcp wrappers point, use:
# ldd `which sshd` | grep libwrap
If you don't see a result from that, you can't use wwwknock.
-------
Read the LICENSE before installing. For installation notes, see INSTALL.
If you try it out, feel free to leave comments / suggestions here. If I submit any bug fixes at a later date, I'll post a patch on this thread.