by deepbreath
805 days ago
Don't have to do anything too complicated. Here's the knocker code in a short Bash script, produced by GPT4:

    ~ % gpt4 'write a very short bash script that takes the number stored in ~/.ssh/knock_seq, increments it by 1 and saves it to the file. It then takes the new number and concatenates it with the value stored in the file ~/.ssh/secret. It pipes the resulting string to sha1sum, spitting out binary. It then takes both the resulting sha1sum and the number used and pipes their concatenation to "nc -u $host $(cat ~/.ssh/knocking_port)". be brief'

    # Bump the stored counter so every knock uses a fresh sequence number.
    knock_seq=$(cat ~/.ssh/knock_seq)
    let knock_seq++
    echo "$knock_seq" > ~/.ssh/knock_seq
    # Hash the counter concatenated with the shared secret.
    concat_seq_secret=$(echo -n "${knock_seq}$(cat ~/.ssh/secret)")
    sha1_output=$(echo -n "$concat_seq_secret" | sha1sum -b | awk '{print $1}')
    # Datagram: 40 hex digits of SHA-1 followed by the counter.
    final_output="${sha1_output}${knock_seq}"
    host=localhost
    knocking_port=$(cat ~/.ssh/knocking_port)
    echo -n "$final_output" | nc -u "$host" "$knocking_port"
This should protect against replays. Throw in some rate limits somewhere maybe to not get DDoSed, especially if you let socat `fork`.
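Added example, not part of the comment above: a receiver-side check for the datagram that script sends (40 hex digits of SHA-1 over counter plus secret, followed by the counter), which refuses any counter not higher than the last one accepted. `verify_knock`, `STATE_DIR` and the `last_seq` file are assumed names, and the receiving host is assumed to hold the same `secret` file.

```shell
#!/bin/sh
# Receiver-side validation of a knock datagram (illustrative, assumed names).
# STATE_DIR holds the shared "secret" file and the "last_seq" counter file.
STATE_DIR="${STATE_DIR:-$HOME/.ssh}"

# verify_knock DATAGRAM
# Returns 0 and advances last_seq when the knock is valid; non-zero otherwise:
#   1 malformed, 2 replayed or stale counter, 3 no secret, 4 digest mismatch
verify_knock() {
    datagram=$1

    # Only lowercase hex digits are allowed (this also rejects newlines/spaces).
    case $datagram in *[!0-9a-f]*) return 1 ;; esac
    # 40 hex digits of digest plus a 1..18 digit counter (bounded to avoid overflow).
    [ "${#datagram}" -ge 41 ] && [ "${#datagram}" -le 58 ] || return 1

    digest=$(printf '%s' "$datagram" | cut -c1-40)
    seq=$(printf '%s' "$datagram" | cut -c41-)
    # The counter must be plain decimal without a leading zero.
    case $seq in *[!0-9]*|0*) return 1 ;; esac

    # Replay protection: accept only counters above the last accepted one.
    last=$(cat "$STATE_DIR/last_seq" 2>/dev/null || echo 0)
    [ "$seq" -gt "$last" ] || return 2

    # Recompute sha1(counter || secret) exactly as the sender does.
    secret=$(cat "$STATE_DIR/secret") || return 3
    expected=$(printf '%s%s' "$seq" "$secret" | sha1sum | awk '{print $1}')
    [ "$digest" = "$expected" ] || return 4

    # Persist the counter only after the digest has been verified, so a
    # forged datagram with a huge counter cannot lock out the real client.
    printf '%s\n' "$seq" > "$STATE_DIR/last_seq"
    return 0
}
```

Because the counter is stored only after a successful digest check, a skipped or lost knock does not desynchronise the two sides: the sender's next, higher counter is still accepted.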