jvinet
FYI: I made a minimal script that updates the sequences based on a time schedule
Hi,
Although somewhat old and unmaintained, knockd proves still reliable! So I started using it and didn't want to risk replay attacks. But using one time sequence means I can't use several clients knocking on the same server (they would get out of sync), would fail on unreliable connection (my primary usecase is to knock from my phone on termux) and I don't want to have to update the knock list on my phone regularly.
There is a pr by @rdmitry0911 that adds some kind of password to generate the sequence based on time, which is nice but to use it I need to install the same client.
So I made knockd_rotator, a simple pure python pair of server and client scripts. The client runs fine on termux and on anywhere with python and can trivially be translated to shell or any other language too if need be. The server must be run periodically (I provide systemd examples) to update the rules and that's it. Both client and server script just need to share a secret and modulo parameter and they will derive the same sequence for a given service.
Related: #76 and #42
Feel free to close this.
