SSH with port knocking
Does your target server require port knocking to enable SSH access? No problem.
You can try this handy ssh_pkn connection plugin. It is based on the stock Ansible ssh plugin. At the very beginning of connection setup, it tries to make a TCP connection to each port in a given list on the target host.
Sample inventory:
[ssh-pkn]
my-test ansible_host=my.server.example.com
[ssh-pkn:vars]
ansible_connection=ssh_pkn
knock_ports=[8888,9999]
This will knock on my.server.example.com:8888, then on my.server.example.com:9999, just before the first SSH connection is made.
You can also set the knock_delay parameter: the plugin will wait this number of seconds after each knock. The default delay is 0.5 seconds.
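The knock sequence described above, written out as a standalone sketch. This is an added example, not the ssh_pkn plugin's own code: the function names, the timeout parameter and the injectable connect/sleep arguments are assumptions made for illustration, and the plugin's handling of failed knocks may differ.

```python
import ast
import socket
import time


def parse_knock_ports(value):
    """Accept a list of ports or its string form, e.g. "[8888,9999]"."""
    if isinstance(value, str):
        value = ast.literal_eval(value)
    if isinstance(value, int):
        value = [value]
    ports = [int(p) for p in value]
    for p in ports:
        if not 1 <= p <= 65535:
            raise ValueError("invalid knock port: %r" % p)
    return ports


def knock(host, knock_ports, knock_delay=0.5, timeout=1.0,
          connect=socket.create_connection, sleep=time.sleep):
    """Try one TCP connection per port, in order; return (port, outcome).

    A knock port is normally closed or filtered, so "refused" and "timeout"
    are expected outcomes. Only a name-resolution failure aborts the run.
    """
    results = []
    for port in parse_knock_ports(knock_ports):
        try:
            conn = connect((host, port), timeout)
        except socket.gaierror:
            raise  # host cannot be resolved: no knock was sent at all
        except socket.timeout:
            outcome = "timeout"
        except ConnectionRefusedError:
            outcome = "refused"
        except OSError as exc:
            outcome = "error: %s" % exc
        else:
            conn.close()
            outcome = "open"
        results.append((port, outcome))
        sleep(knock_delay)  # wait after each knock, as knock_delay does
    return results


if __name__ == "__main__":
    # Host and ports taken from the sample inventory above.
    print(knock("my.server.example.com", "[8888,9999]"))
```

Running the sequence by hand like this is a quick way to check that the knock ports and delay in the inventory match what the server's knock daemon expects before pointing Ansible at it.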
Get the ssh_pkn plugin here.
Drop it into connection_plugins and you are good to go.