by xtrumanx 4043 days ago
Thank you for introducing me to port knocking (Wikipedia link for the uninitiated [0]).

Not trying to lure you into an argument you're trying to avoid, but I'm just curious: what is the religious argument regarding port knocking? I know about both sides of tabs/spaces and vim/emacs but am curious what people have against port knocking.

[0] http://en.wikipedia.org/wiki/Port_knocking

2 comments

Heh.

In short, port knocking is a very, very short/weak password, and is a very weak authentication measure.

This is absolutely true and nobody could argue that.

So if you only did port knocking, or if you depended on port knocking, you're making a bad decision.

I believe in defense in depth, and therefore I think that port knocking on top of everything else you already do has good value - especially considering how simple and lightweight knockd is and my experience of it running stably for years at a time.

Many say it is useless. With passwords + root login disabled, to log in someone must break your keypair, unlikely to be accomplished by anyone who wouldn't also have the resources to knock ports.