Manual Reference Pages  -  GUESTLIST (5)

NAME

guestlist - The secondary doormand configuration file


DESCRIPTION

The doorman daemon doormand requires a list of permitted "guests", or groups. There must be one record per group, with fields in the following order:

<groupname> <secret> <port1> <port2> .. <address1> <address2> ..

Records may span multiple lines. The groupname MUST begin on the first character of a line. Continuation lines MUST be preceded by at least one character of whitespace (tabs or spaces). Tabs and space characters may be freely used in any order.

Any part of a line following a '#' character is ignored, and may be used as a comment. Blank lines are ignored.

This file MUST be readable and writeable by root, only.

groupname - The name which is sent by a knock client to identify itself. Group names may be up to 32 characters in length. Both group names and secrets may contain any alphanumeric character, as well as the characters: !@#$%^&*()_-+=|[]{};:'"<>,?/

Note that whitespace and the "." character (period, or decimal point) are not permitted.

secret - an authenticating password. This is sent by the client as an MD5 hash salted with the client's IP address and the rounded seconds-of-epoch.

Secrets may be up to 64 characters in length, and use the same character set as group names. (Remember: -no- periods!)

The existence of this secret in plaintext on both the client and server machines is the reason this file, and the client's ~/.knockcf file, must be readable only by their users. Under NO circumstances should it correspond to anything in any 'passwd' file anywhere.

port1 port2 .. - a whitespace-delimited list of the ports to which the group may connect. A port may be specified as a number or a service name; that is, "22" and "ssh" are equivalent. Service names are case sensitive.

address1 address2 .. - a whitespace-delimited list of IP addresses or hostnames from which the group may connect. Addresses may be unique, or expressed as ranges by means of an "/nbits" modifier. Using a hostname to specify a range is permitted. There must be no whitespace before or after the "/" character.

An example record:

group187 b1g%Hairy_[seCret}!            # groupname & secret
    ssh 23                              # allowed ports
    1.2.3.4/16 5.6.7.8 x.myplace.org/24 # allowed addresses
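As an added example (not code from the doorman distribution), a small Python validator for this file format: it applies the layout and character-set rules above, splits ports from addresses in the order the record defines, and checks that a file mode grants nothing to group or other. It assumes service names are resolved with socket.getservbyname, and that the address list begins at the first token that is neither a valid port number nor a known service name.

```python
import re
import socket
import stat
# Constructed sample, laid out like the man page's example record.
SAMPLE = """group187 b1g%Hairy_[seCret}!    # groupname & secret
    22 23                           # allowed ports
    1.2.3.4/16 5.6.7.8 x.myplace.org/24   # allowed addresses
"""
# Characters allowed in group names and secrets, per guestlist(5):
# alphanumerics plus !@#$%^&*()_-+=|[]{};:'"<>,?/  (no whitespace, no '.')
_NAME_RE = re.compile(r"""^[A-Za-z0-9!@#$%^&*()_\-+=|\[\]{};:'"<>,?/]+$""")
# IP address or hostname, optionally followed by /nbits (0-32), no spaces around "/".
_ADDR_RE = re.compile(r"^[^/\s]+(?:/(?:[0-9]|[12][0-9]|3[0-2]))?$")
def _is_port(tok):  # 1-65535, or a service name (case sensitive) such as "ssh"
    try:
        return 0 < int(tok) <= 65535 if tok.isdigit() else socket.getservbyname(tok) > 0
    except OSError:
        return False

def _validate(lineno, fields):
    group, secret, *rest = fields  # ValueError if the record is too short
    for val, limit, what in ((group, 32, "groupname"), (secret, 64, "secret")):
        if len(val) > limit or not _NAME_RE.match(val):
            raise ValueError(f"line {lineno}: bad {what} in record {group!r}")
    # Ports come first; the first token that is not a port begins the addresses.
    n = 0
    while n < len(rest) and _is_port(rest[n]):
        n += 1
    ports, addrs = rest[:n], rest[n:]
    for a in addrs:
        if not _ADDR_RE.match(a):  # also rejects a stray "/16" left by "1.2.3.4 /16"
            raise ValueError(f"line {lineno}: bad address {a!r}")
    return {"group": group, "secret": secret, "ports": ports, "addresses": addrs}

def parse_guestlist(text):
    records = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].rstrip()  # anything after '#' is a comment
        if not line.strip():
            continue  # blank lines are ignored
        if line[0] in " \t":  # continuation line: belongs to the previous record
            if not records:
                raise ValueError(f"line {lineno}: continuation before any record")
            records[-1][1].extend(line.split())
        else:  # the groupname begins at the first character of the line
            records.append((lineno, line.split()))
    return [_validate(ln, f) for ln, f in records]

def mode_is_root_only(st_mode):  # the file MUST be readable/writeable by root only
    return st_mode & (stat.S_IRWXG | stat.S_IRWXO) == 0
```

Because '#' begins a comment, a secret containing '#' (which the permitted character set allows) is cut short by this parser, so such secrets are best avoided.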

SEE ALSO

knock(1), knockcf(5), doormand(8), doormand.cf(5)

ACKNOWLEDGEMENT

doormand and knock are an implementation of an original idea by Martin Krzywinski. See his site at http://www.portknocking.org

COPYRIGHT

Copyright (c) 2003-2005, J.B.Ward
<bward2@users.sourceforge.net>

Doorman, V0.81 DOORMAND.CF (5) Aug 14, 2005
