
Help with putty code

Background:

Due to the large number of bots attempting to ssh to my server, I
implemented portknocking (as the logs were just filled with crap).

So to access port 2222 for ssh I would first need to connect on port
3333 which opens port 2222 for 60secs.
(obv I just made those ports up)

I wanted to continue to use putty under windows to connect to my
server. However it's a bit of a hassle to connect manually to 1 port 1st
and then do the real connection.

The devs at putty have said they won't implement port knocking which
is fine, so I decided to build putty from source and add the port
knocking to my copy.

Problem:
I implemented it and it works, sort of.

Unfortunately (under windows) the 1st attempted connection (the knock)
times out (within 30secs) and in doing so kills my active putty
window.

Under linux due to the -Werror flag my build fails with the following:
--------------------------------------------------------------------
cc1: warnings being treated as errors
../ssh.c:2829: warning: function definition has qualified void return
type
../ssh.c: In function ‘knock’:
../ssh.c:2845: warning: statement with no effect
make: *** [ssh.o] Error 1
----------------------------------------------------------------------
Now if I edit the makefile and remove the -Werror flag and then run
make again it will build fine.

It times out after about 5min.

Can anyone help me sort this?

portknock.patch
----------------------

Index: config.c
=============== =============== =============== =============== =======
--- config.c (revision 8122)
+++ config.c (working copy)
@@ -1989,6 +1989,35 @@
I(offsetof(Conf ig,ssh2_des_cbc )));
}

+ /* The Connection/SSH/PortKnock panel. Allows the setting up
of
+ * port knocking.
+ */
+
+ if (!midsession) {
+ ctrl_settitle(b , "Connection/SSH/PortKnock",
+ "Options controlling port knocking");
+
+ s = ctrl_getset(b, "Connection/SSH/PortKnock", "main",
+ "Port Knocking options");
+
+ ctrl_checkbox(s , "Enable Port Knocking",
+ 'e', HELPCTX(ssh_aut h_ki),
+ dlg_stdcheckbox _handler,
+ I(offsetof(Conf ig,pk_enable))) ;
+
+ ctrl_editbox(s, "1st Port to knock on:", 'p', 20,
+ HELPCTX(ssh_kex _repeat),
+ dlg_stdeditbox_ handler,
+ I(offsetof(Conf ig,pk_port1)),
+ I(-1));
+
+ ctrl_editbox(s, "2nd Port to knock on:", 'n', 20,
+ HELPCTX(ssh_kex _repeat),
+ dlg_stdeditbox_ handler,
+ I(offsetof(Conf ig,pk_port2)),
+ I(-1));
+ }
+
/*
* The Connection/SSH/Kex panel. (Owing to repeat key
* exchange, this is all meaningful in mid-session _if_
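Review bot: the help contexts on the three new controls are borrowed from other panels: the checkbox passes HELPCTX(ssh_auth_ki) and both port boxes pass HELPCTX(ssh_kex_repeat), so context help on the PortKnock panel would open unrelated topics. Add dedicated help contexts for this panel or leave help off these controls. The two port boxes also take whatever the user types with no range shown in this hunk, so the code that reads pk_port1 and pk_port2 should reject anything outside 1 to 65535.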
Index: putty.h
=============== =============== =============== =============== =======
--- putty.h (revision 8122)
+++ putty.h (working copy)
@@ -464,6 +464,10 @@
int ssh_no_shell; /* avoid running a shell */
char ssh_nc_host[512]; /* host to connect to in `nc' mode
*/
int ssh_nc_port; /* port to connect to in `nc' mode */
+ /* Port Knocking */
+ int pk_enable;
+ int pk_port1;
+ int pk_port2;
/* Telnet options */
char termtype[32];
char termspeed[32];
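Review bot: the three new Config fields have no comment on their valid values, unlike the neighbouring ssh_nc_* fields. State next to pk_port1 and pk_port2 that 0 means "do not knock" (at present that is only said in a comment in ssh.c) and that the usable range is 1 to 65535. Nothing in this patch loads, saves or defaults these fields, so confirm they are initialised before ssh.c reads ssh->cfg.pk_enable.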
Index: ssh.c
=============== =============== =============== =============== =======
--- ssh.c (revision 8122)
+++ ssh.c (working copy)
@@ -2824,6 +2824,40 @@
* Also places the canonical host name into `realhost'. It must be
* freed by the caller.
*/
+
+static const void knock(Ssh ssh, char *host, int port, char
**realhost)
+{
+ static const struct plug_function_t able fn_table = {
+ ssh_log,
+ ssh_closing,
+ ssh_receive,
+ ssh_sent,
+ NULL
+ };
+
+ SockAddr addr;
+ const char *err;
+
+ /*
+ * Try to find host.
+ */
+ ssh->cfg.addressfam ily == ADDRTYPE_IPV4 ? " (IPv4)" :
+ (ssh->cfg.addressfam ily == ADDRTYPE_IPV6 ? " (IPv6)" : "");
+ addr = name_lookup(hos t, port, realhost, &ssh->cfg,
+ ssh->cfg.addressfam ily);
+ if ((err = sk_addr_error(a ddr)) != NULL) {
+ sk_addr_free(ad dr);
+ }
+
+ /*
+ * Open socket.
+ */
+ ssh->fn = &fn_table;
+ ssh->s = new_connection( addr, *realhost, port,
+ 0, 1, 1, 0, (Plug) ssh, &ssh->cfg);
+ ssh->s = NULL;
+}
+
static const char *connect_to_hos t(Ssh ssh, char *host, int port,
char **realhost, int nodelay, int keepalive)
{
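Review bot: the error branch after name_lookup in knock() calls sk_addr_free(addr) and then falls through, so new_connection is handed the address that was just released; return immediately after the free. Two further points in the same function: the socket returned by new_connection is dropped with "ssh->s = NULL;" without being closed, and the knock socket is registered with the session's own plug (fn_table includes ssh_closing, with ssh as the Plug), so a refused or timed-out knock is reported to the real session as a closed connection, which matches the window being killed as described in the post. Give the knock its own plug whose closing handler ignores errors, and close the socket explicitly. The "static const void" return type and the bare "ssh->cfg.addressfam ily == ADDRTYPE_IPV4 ? ..." expression are the two statements behind the -Werror failures and can simply be changed to "static void" and deleted.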
@@ -8864,6 +8898,24 @@
ssh->max_data_siz e = parse_blocksize (ssh->cfg.ssh_rekey_ data);
ssh->kex_in_progres s = FALSE;

+ if (ssh->cfg.pk_enabl e == TRUE) { /* If port knocking is enabled */
+ if (ssh->cfg.pk_port1 0) { /* We knock on this port 1st */
+ /* Attempt to connect to port and immeditatly close connection
+ * if successful and if not (which is more likely) continue.
+ */
+ // Kills active window instead of dropping silently
+
+ knock(ssh, host, ssh->cfg.pk_port1 , realhost);
+ if (ssh->cfg.pk_port2 0) { /* We then knock on this port if need
be */
+ /* Attempt to connect to port and immeditatly close connection
+ * if successful and if not (which is more likely) continue.
+ */
+ knock(ssh, host, ssh->cfg.pk_port2 , realhost);
+ }
+ }
+ /* If both ports are 0 we do nothing */
+ }
+
p = connect_to_host (ssh, host, port, realhost, nodelay,
keepalive);
if (p != NULL)
return p;
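Review bot: the two port tests, as shown, have no comparison operator ("if (ssh->cfg.pk_port1 0)" and the same for pk_port2); write them as explicit range checks, greater than 0 and at most 65535, since the values come from free-text edit boxes. Each knock() call is also passed realhost, which the context comment above knock() says is allocated and must be freed by the caller, so every knock allocates a canonical name that the next call overwrites; pass a local pointer and free it, leaving realhost to connect_to_host. The "//" comment should use the block-comment style of the surrounding code, and nothing here waits for a knock to be sent before connect_to_host is called, so the order in which the server sees the knocks and the real connection is not guaranteed.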

-------------------------------------------------------------------------------------

Regards,

Ryan
Jul 26 '08 #1
Pvt Ryan <ry******@hotmail.com> wrote:
> Background:
> Due to the large number of bots attempting to ssh to my server, I
> implemented portknocking (as the logs were just filled with crap).
> So to access port 2222 for ssh I would first need to connect on port
> 3333 which opens port 2222 for 60secs.
> (obv I just made those ports up)
> I wanted to continue to use putty under windows to connect to my
> server. However its a bit of hassle to connect manually to 1 port 1st
> and then do the real connection.
> The devs at putty have said they won't implement port knocking which
> is fine, so i decided to build putty from source and add the port
> knocking to my copy.
> Problem:
> I implemented it and it works, sort of.
> Unfortunately (under windows) the 1st attempted connection (the knock)
> times out (within 30secs) and in doing so kills my active putty
> window.

That's a problem you will have to take up to a windows group
since it is nothing related to C but to networking under Windows.

> Under linux due to the -Werror flag my build fails with the following:
> --------------------------------------------------------------------
> cc1: warnings being treated as errors
> ../ssh.c:2829: warning: function definition has qualified void return
> type

I guess it's this line:

static const void knock(Ssh ssh, char *host, int port, char **realhost)

The function is defined to return void, i.e. nothing. Can you come
up with any idea what a 'constant nothing' is supposed to be? Just
throw out the 'const' and this warning should go away.

> ../ssh.c: In function ‘knock’:
> ../ssh.c:2845: warning: statement with no effect

Again I can only guess, but it looks as if this line is the culprit:

ssh->cfg.addressfamily == ADDRTYPE_IPV4 ? " (IPv4)" :
(ssh->cfg.addressfamily == ADDRTYPE_IPV6 ? " (IPv6)" : "");

Here nothing really happens - there's no assignment or anything
with a side effect. All it results in is a pointer to a string
literal which isn't used. So this line has, as the error message
tells you, no effect. Throwing it out wouldn't change anything
about the behaviour of your program.

> Now if i edit the makefile and remove the -Werror flag and then run
> make again it will build fine.
> It times out after about 5min.

Unless it's due to the rather likely not correct line 2845, this
again is nothing related to C but a networking issue, this time
under Linux. A good place to ask would be one of the groups
comp.unix.programmer or comp.os.linux.development.apps.

If you ask in another group about your networking issues it probably
will help if you post the code instead of a diff relative
to the sources of a program many of the readers may not have.

Regards, Jens
--
\ Jens Thoms Toerring ___ jt@toerring.de
\______________ ____________ http://toerring.de
Jul 26 '08 #2
Pvt Ryan wrote:
On 26 Jul, 17:06, j...@toerring.de (Jens Thoms Toerring) wrote:
> Pvt Ryan <ryan1...@hotmail.com> wrote:
>> I wanted to continue to use putty under windows

http://www.hammerzone.com/archives/l...zing_putty.htm

> Unless it's due to the rather likely not correct line 2845. this
> again is nothing related to C but a networking issue, this time
> under Linux. A good place to ask would be one of the groups
> comp.unix.programmer or comp.os.linux.development.apps .
--
pete
Jul 26 '08 #3
Thanks.
I'll check over those parts and if I need more help I'll post in
the other news groups.

Regards,

Ryan
Jul 27 '08 #4
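
A knock that cannot take the real session down with it, as an added example that is not part of the thread and not PuTTY code: the knock gets its own socket, a bounded wait, and a return value in which "refused" or "no answer" is the expected outcome rather than an error. It assumes plain POSIX sockets instead of PuTTY's network layer; the name knock_port and its return convention are made up for this illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <arpa/inet.h>
#include <errno.h>
#include <fcntl.h>
#include <netinet/in.h>
#include <poll.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical helper. Returns 1 if the knock port accepted the connection,
 * 0 if the SYN went out but was refused or unanswered within timeout_ms (the
 * normal case for a filtered knock port), -1 on bad input or local failure. */
int knock_port(const char *ipv4, int port, int timeout_ms)
{
    struct sockaddr_in sa;
    struct pollfd pfd;
    int fd, flags, result = 0, soerr = 0;
    socklen_t len = sizeof soerr;
    /* Validate before touching the network: the port comes from user input. */
    if (ipv4 == NULL || port < 1 || port > 65535 || timeout_ms < 0)
        return -1;
    memset(&sa, 0, sizeof sa);
    sa.sin_family = AF_INET;
    sa.sin_port = htons((unsigned short)port);
    if (inet_pton(AF_INET, ipv4, &sa.sin_addr) != 1)
        return -1;
    fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0)
        return -1;
    flags = fcntl(fd, F_GETFL, 0);
    if (flags < 0 || fcntl(fd, F_SETFL, flags | O_NONBLOCK) < 0) {
        close(fd);
        return -1;
    }
    if (connect(fd, (struct sockaddr *)&sa, sizeof sa) == 0) {
        result = 1;                      /* connected immediately */
    } else if (errno == EINPROGRESS) {
        pfd.fd = fd;
        pfd.events = POLLOUT;
        /* Wait at most timeout_ms; a timeout is not an error for a knock. */
        if (poll(&pfd, 1, timeout_ms) == 1 &&
            getsockopt(fd, SOL_SOCKET, SO_ERROR, &soerr, &len) == 0 &&
            soerr == 0)
            result = 1;
    }
    close(fd);   /* always release the knock socket before the real connect */
    return result;
}
```

A caller would treat 0 and 1 alike and go on to open the real SSH connection, and abort only on -1.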
