David Leadbeater

SSH port knocking with OpenBSD 7.9

Port knocking is mostly a bad idea. But people keep wanting to do it, for some false sense of security. If you don't consider it a security control but a way to keep garbage out of your logs, it might be valid. Here's one way to do it with OpenBSD's pf. More..

18^th June 2026 in openbsd, ssh

Make OpenSSH require keys selectively

This is one of those things that I've been doing for ages and is easy to find if you read the fine manual, but not many places online seem to suggest it. More..

24^th January 2011 in ssh

Using HAProxy to make SSH and SSL available on the same port

Certain places firewall TCP ports other than the most common ports. There are many techniques for bypassing such restrictions. One simple approach is to run a SSH daemon on port 443, however a downside of this is you need to dedicate an IP address to this SSH service. More..

19^th January 2010 in code, ssh

dgl.cx

SSH port knocking with OpenBSD 7.9

Make OpenSSH require keys selectively

Using HAProxy to make SSH and SSL available on the same port