Authenticated port knocking
Automation
Awlsim - S7 compatible PLC / SPS
PiLC - S7 PLC for Raspberry Pi
pyprofibus - PROFIBUS-DP stack
Software
Catalyst PCIBX
CRC code generator
Disktest
letmein - Port knocker
Miscellaneous
PartMgr - Part manager
PWMan password manager
razercfg - Razer config tool
Toprammer (TOP2049)
Wolfsmühle
Xytronic LF-1600 firmware
Machining
CNC Remote Control
Desktop CNC mill
Old projects
BT8xx based GPIO card
Nokia n810 - Serial Console
Plant moisture control
About
About me
GIT repositories
How to contribute?

letmein - Authenticated port knocking

Letmein is a simple port knocker with a simple and secure authentication mechanism. It can be used to harden against pre-authentication attacks on services like SSH, VPN, IMAP and many more.

Image preview of letmein_overview.png

Letmein hides services on a server behind a knock authentication barrier to reduce the attack surface of a service. The service will not be accessible unless a knock authentication is successful. In case of a successful knock, the letmeind server will only open the knocked port for the client IP address that performed the knocking. Machines with different IP addresses still won't have access to the protected service.

Machines that can't successfully authenticate the knock sequence won't be able to access the protected service. They will receive a TCP/ICMP `reject` on the protected service port with the provided example `nftables.conf`. (You can also decide to `drop` the packets in your `nftables.conf` instead).

Letmein requires an `nftables` based firewall. It will *not* work with `iptables`. If you use an `iptables` based firewall, please convert to `nftables` before installing letmein. There are descriptions about how to do that on the Internet. It's not as hard and as much work as it sounds. :)

Download letmein

The development source code of letmein can be downloaded using the Git version control system as follows:

git clone https://git.bues.ch/git/letmein.git

To browse the Git repository online, go to the repository web interface.
Or download the compressed snapshot.
A mirror of the repository is available on GitHub, GitLab, Bitbucket and on NotABug.org.
If you want to contribute to letmein, please read the contribution guidelines first.

letmein is stable/production quality software.
That means its features are well tested and the remaining amount of bugs probably is minor. The software does include a reasonable amount of documentation.

Bug reports and feature requests

If you find any bugs in letmein or if you have any suggestion for new features, we would like to hear from you.
Your help is greatly appreciated and will help to create better software and improve the overall experience for everybody. So don't hesitate to report anything that that limits your letmein usage.

If you have got any code improvements or other improvements that should be merged into the project, please send such enhancements to the letmein maintainer.

Please read the contribution guidelines first.

License / Copyright

Copyright (C) Michael Büsch
Licensed under the terms of the MIT license or under the terms of the Apache License version 2.0, at your option. See the sourcecode for details.

Short link to this page: https://bues.ch/h/letmein

Updated: Sunday 10 November 2024 20:00 (UTC)
xhtml / css