←back to thread

Knocker, a knock based access control system for your homelab

(github.com)
67 points xlmnxp | 1 comments | 22 Oct 25 08:37 UTC | HN request time: 0.203s | source
Show context
dugite-code ◴[22 Oct 25 11:53 UTC] No.45667699[source]
I use fwknop in a similar manner, the main advantage it has is it's using an encrypted UDP packet. It's ability to call shell scripts for more advanced uses is its best feature. I have a packet set up for a rolling restart of all my services as well as ssh access
replies(1): >>45672510 #
sneak ◴[22 Oct 25 17:38 UTC] No.45672510[source]
I use this thing called sshd that listens on only a single port and its main advantage is that it uses actual cryptography to authenticate using a client keypair.
replies(1): >>45673193 #
1. dugite-code ◴[22 Oct 25 18:26 UTC] No.45673193[source]
Fwknop uses HMAC keys so quite good crypto by itself, but it's for single shot commands. Good for keeping the ssh port locked until you actually need it. I use it on top of SSH key pairs as part of my layered security, Just as any good access control strategy should.