
Manual Reference Pages  -  GUESTLIST (5)


guestlist - The secondary doormand configuration file




The doorman daemon doormand requires a list of permitted "guests", or groups. There must be one record per group, with the fields in the following order:

<groupname> <secret> <port1> <port2> .. <address1> <address2> ..

Records may span multiple lines. The groupname MUST begin on the first character of a line. Continuation lines MUST be preceded by at least one character of whitespace (tabs or spaces). Tabs and space characters may be freely used in any order.

Any part of a line following a ’#’ character is ignored, and may be used as a comment. Blank lines are ignored.

This file MUST be readable and writeable by root, only.

groupname - The name which is sent by a knock client to identify itself. Group names may be up to 32 characters in length. Both group names and secrets may contain any alphanumeric character, as well as the characters: !@#$%^&*()_-+=|[]{};:’"<>,?/

Note that whitespace and the "." character (period, or decimal point) are not permitted.

secret - an authenticating password. This is sent by the client as an MD5 hash salted with the client’s IP address and the rounded seconds-of-epoch.


Secrets may be up to 64 characters in length, and use the same character set as group names. (Remember: -no- periods!)

The existence of this secret in plaintext on both the client and server machines is the reason this file, and the client’s ~/.knockcf file, must be readable only by their users. Under NO circumstances should it correspond to anything in any ’passwd’ file anywhere.

port1 port2 .. - a whitespace-delimited list of the ports to which the group may connect. A port may be specified as a number or a service name; that is, "22" and "ssh" are equivalent. Service names are case sensitive.

address1 address2 .. - a whitespace-delimited list of IP addresses or hostnames from which the group may connect. Addresses may be unique, or expressed as ranges by means of an "/nbits" modifier. Using a hostname to specify a range is permitted. There must be no whitespace before or after the "/" character.

An example record:

group187  b1g%Hairy_[seCret}!   # groupname & secret
          ssh 23                # allowed ports
                                # allowed addresses
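A lint check for the record format and the root-only permission rule described above, as an added example that is not part of doormand or the original man page. The function names, the rule that a token containing ".", "/" or ":" is an address while any other token is a port, and the sample addresses are assumptions made for this example.

```python
import stat

def parse_guestlist(text):
    """Parse guestlist text; return (records, problems)."""
    records, problems = [], []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].rstrip()   # '#' starts a comment
        if not line:
            continue                           # blank or comment-only line
        if line[0] in " \t":                   # continuation line
            if records:
                records[-1]["tokens"] += line.split()
            else:
                problems.append(f"line {n}: continuation before any record")
        else:                                  # groupname starts on the first character
            name, *rest = line.split()
            records.append({"group": name, "line": n, "tokens": rest})
    for rec in records:
        secret, *rest = rec.pop("tokens") or [""]
        # Assumption: a token containing '.', '/' or ':' is an address; else a port.
        addrs = [t for t in rest if any(c in t for c in "./:")]
        rec.update(secret=secret, addresses=addrs,
                   ports=[t for t in rest if t not in addrs])
        checks = [
            (len(rec["group"]) > 32, "groupname longer than 32"),
            (not secret, "no secret"),
            (len(secret) > 64, "secret longer than 64"),
            ("." in rec["group"] + secret, "period in groupname or secret"),
            (not rec["ports"], "no ports"),
            (not addrs, "no addresses"),
            (any(a[0] == "/" or a[-1] == "/" for a in addrs), "whitespace around '/'"),
        ]
        problems += [f"{rec['group']} (line {rec['line']}): {msg}"
                     for bad, msg in checks if bad]
    return records, problems

def mode_problems(st_mode, st_uid):
    """Readable and writable by root only: owner uid 0, no group/other bits."""
    checks = [(st_uid != 0, "not owned by root"),
              (stat.S_IMODE(st_mode) & 0o077, "group or other has access")]
    return [msg for bad, msg in checks if bad]

SAMPLE = """\
# constructed sample; addresses are documentation ranges, not from the man page
group187  b1g%Hairy_[seCret}!     # groupname & secret
          ssh 23                  # allowed ports
          192.0.2.0/24 host.example.org
ops.team  s3cret 22 198.51.100.7 /32
"""
```

To check a real file, pass the `st_mode` and `st_uid` fields of `os.stat(path)` to `mode_problems` and the file's text to `parse_guestlist`.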


See Also: knock(1), knockcf(5), doormand(8)


doormand and knock are an implementation of an original idea by Martin Krzywinski. See his site at


Copyright (c) 2003-2005, J.B.Ward


Doorman, V0.81 DOORMAND.CF (5) Aug 14, 2005
