Letmein is a simple port knocker with a simple and secure authentication mechanism. It can be used to harden against pre-authentication attacks on services like SSH, VPN, IMAP and many more.
Letmein hides services on a server behind a knock authentication barrier to reduce the attack surface of a service. The service will not be accessible unless a knock authentication is successful. In case of a successful knock, the letmeind server will only open the knocked port for the client IP address that performed the knocking. Machines with different IP addresses still won't have access to the protected service.
Machines that can't successfully authenticate the knock sequence won't be able to access the protected service. They will receive an ICMP `reject` on the protected service port with the provided example `nftables.conf`. (You can also decide to `drop` the packets in your `nftables.conf` instead.)
Letmein requires an `nftables` based firewall. It will *not* work with `iptables`. If you use an `iptables` based firewall, please convert to `nftables` before installing letmein. There are descriptions about how to do that on the Internet. It's not as hard and as much work as it sounds. :)
The letmein control communication itself defaults to TCP port 5800, but it can be configured to any TCP or UDP port. If you choose a UDP port as control port and configure `control-error-policy=basic-auth`, then the letmein service itself operates in stealth mode and doesn't respond to unauthenticated incoming messages.
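The gating described above, sketched as an nftables ruleset. This is an added illustration, not the `nftables.conf` shipped with letmein. The chain name `knock_allow`, the protected port 22 (SSH) and the sample client address are assumptions; the project's own example file defines what letmeind actually expects.

```nft
# Added illustration; NOT the example nftables.conf provided by letmein.
table inet filter {
    # Hypothetical chain name. It holds the per-client accept rules that
    # exist only after a successful knock, so it is empty at boot.
    chain knock_allow {
        # Constructed sample of one such rule: the knocked port is opened
        # for the knocking client's address only (192.0.2.10 is a
        # documentation address).
        # ip saddr 192.0.2.10 tcp dport 22 accept
    }

    chain input {
        type filter hook input priority filter; policy drop;

        iifname "lo" accept
        ct state established,related accept
        ct state invalid drop
        meta l4proto { icmp, ipv6-icmp } accept

        # letmein control port (default TCP 5800). It must stay reachable
        # for unauthenticated clients, otherwise nobody can knock.
        tcp dport 5800 accept

        # Clients that knocked successfully match a rule in here.
        jump knock_allow

        # Everyone else gets an ICMP port-unreachable on the protected port.
        tcp dport 22 reject

        # Alternative: silently discard instead of rejecting, so the port
        # looks filtered rather than closed.
        # tcp dport 22 drop
    }
}
```

The order matters: the jump to the per-client chain must come before the `reject` (or `drop`) rule for the protected port, otherwise knocked clients are refused as well.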
- letmein release 8.0.0: .tar.xz archive, PGP signature
- Older letmein releases can be found here.
The development source code of letmein can be downloaded using the Git version control system as follows:

`git clone https://git.bues.ch/git/letmein.git`

To browse the Git repository online, go to the repository web interface. Or download the compressed snapshot.

A mirror of the repository is available on GitHub, GitLab, Bitbucket and on NotABug.org.

If you want to contribute to letmein, please read the contribution guidelines first.
letmein is stable/production quality software. That means its features are well tested and the number of remaining bugs is probably small. The software does include a reasonable amount of documentation.

If you find any bugs in letmein or if you have any suggestions for new features, we would like to hear from you. Your help is greatly appreciated and will help to create better software and improve the overall experience for everybody. So don't hesitate to report anything that limits your letmein usage.
If you have got any code improvements or other improvements that should be merged into the project, please send such enhancements to the letmein maintainer.
Please read the contribution guidelines first.
Copyright (C) Michael Büsch

Licensed under the terms of the MIT license or under the terms of the Apache License version 2.0, at your option. See the source code for details.