4

I was trying to set up knockd, a port knocking daemon available to Ubuntu distros.

Before setting up my port knocking sequences, I decided to give a shot to the default knocking sequence, since it should open SSH to my IP address.

But when I first started the service with `sudo service knockd start`, it failed with no error message and the service log located at `/var/log/knockd.log` is empty.

 * Starting Port-knock daemon knockd  [fail]

No changes have been made to the configuration, with the exception of /etc/default/knock where we have to change START_KNOCKD from 0 to 1.

I'm most puzzled with this since the log file is literally empty.

Any help is appreciated, thank you.

Fábio Antunes
  • take a look in `/var/log/messages`. You could also investigate the service process by running it manually. You should take a look in the init script for `knockd` `/etc/init.d/knockd` and find out the command and user the service is started with. – Henrik Pingel Nov 13 '15 at 12:33
  • If it's Ubuntu, you can check /var/log/syslog for possible log entry for failed service start. Also you may try to start it manually with -D (debug) and -v (verbose) options. More info here: http://manpages.ubuntu.com/manpages/trusty/man1/knockd.1.html – Diamond Nov 13 '15 at 15:14
  • @knowhy: I don't have anything there, the folder doesn't exist. @bangal: That's the thing, `syslog` also doesn't have any mention of knockd. – Fábio Antunes Nov 13 '15 at 21:23
  • If you don't have any output at all using debug, verbose, or whatever, try to run `sh -x /etc/init.d/knockd start`; it might provide a hint on what's not working well, as you'll see what's going on inside the start script – ignivs Nov 18 '15 at 03:12
  • @ignivs: I've managed to solve the issue, but thanks for the hint. – Fábio Antunes Nov 23 '15 at 05:55

3 Answers

4

knockd might not be finding your non-standard interface.

Specify it in /etc/default/knockd like so:

KNOCKD_OPTS="-i eth0"

dw1
  • Yes. That was the problem. Thankfully verbose as mentioned in `bangal's` answer provided the clue. – Fábio Antunes Jan 14 '16 at 02:41
  • This saved my bacon. I've been trying this for almost 2 days straight. Also, for future seekers - you can get your network interface by simply doing `ifconfig`. – shriek May 31 '17 at 01:50
3

You can configure it to log to syslog by changing /etc/knockd.conf.

Comment out `logfile = /var/log/knockd.log` under `[options]` and add the following:

UseSyslog

Then start it from shell and check output:

knockd --debug --verbose

More details here: http://manpages.ubuntu.com/manpages/dapper/man1/knockd.1.html

Diamond
2

Find the interface which has your IP:

ifconfig

and add it to `/etc/knockd.conf`, for example:

Interface = venet0:0

Filin
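The first and third answers both fix the start failure by naming the interface, one with `-i` in `/etc/default/knockd` and one with `Interface` in `/etc/knockd.conf`. As an added example (not from any of the posts), this script reports which interface knockd would be given and whether that device exists; the function names, the precedence of `-i` over `Interface`, and the `eth0` fallback are assumptions.

```shell
#!/bin/sh
# Added example. Assumptions: -i in KNOCKD_OPTS wins over "Interface" in
# knockd.conf, and knockd falls back to eth0 when neither is set.

# Interface given with -i / --interface in KNOCKD_OPTS (defaults file), if any.
iface_from_defaults() {
    [ -r "$1" ] || return 0
    opts=$(sed -n 's/^ *KNOCKD_OPTS=//p' "$1" | tail -n 1 | tr -d "\"'")
    prev=
    for word in $opts; do
        case $prev in -i|--interface) printf '%s\n' "$word"; return 0 ;; esac
        case $word in -i?*) printf '%s\n' "${word#-i}"; return 0 ;; esac
        prev=$word
    done
}

# "Interface = x" from the [options] section of knockd.conf, if any.
iface_from_conf() {
    [ -r "$1" ] || return 0
    awk '/^[ \t]*\[/ { in_opts = (tolower($0) ~ /^[ \t]*\[options\]/); next }
         in_opts && tolower($0) ~ /^[ \t]*interface[ \t]*=/ {
             sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, ""); print; exit
         }' "$1"
}

# Effective interface: defaults file ($1), then knockd.conf ($2), then eth0.
knockd_interface() {
    iface=$(iface_from_defaults "$1")
    [ -n "$iface" ] || iface=$(iface_from_conf "$2")
    printf '%s\n' "${iface:-eth0}"
}

# Check the device in sysfs ($3, default /sys/class/net). Alias labels such as
# venet0:0 are not separate devices there, so the base name is checked.
check_knockd_interface() {
    iface=$(knockd_interface "$1" "$2")
    if [ -e "${3:-/sys/class/net}/${iface%%:*}" ]; then
        echo "ok: knockd interface '$iface' exists"
    else
        echo "missing: knockd interface '$iface' not found; set -i or Interface"
        return 1
    fi
}

# Constructed sample: defaults file as in the first answer, host with only lo.
demo=$(mktemp -d); mkdir "$demo/net" "$demo/net/lo"
printf 'START_KNOCKD=1\nKNOCKD_OPTS="-i eth0"\n' > "$demo/knockd"
check_knockd_interface "$demo/knockd" /nonexistent "$demo/net" || true
rm -rf "$demo"
```

On a real host, call `check_knockd_interface /etc/default/knockd /etc/knockd.conf` to test against the live interface list.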