OP 07 May, 2024 - 05:32 AM
I made a script that will automatically set up WireGuard to act like a LAN when connected to and will filter out any and all public traffic. This makes it so that you can only connect to SSH by being connected to WireGuard. The script handles everything for you; all you have to do is set permissions and run. Unfortunately this only works on Rocky OS right now, as that's the application I needed it for, but it can easily be modified for any Linux OS.
How to use:
chmod +x hide_ssh.sh
sudo ./hide_ssh.sh
when it pauses and tells you to grab the client config file, do so before continuing or you will lock yourself out (cat /etc/wireguard/client.config). Copy this and save it for later
press any key
after this if you're in an ssh session it will boot you from that session
open wireguard on the client computer
click add tunnel -> add empty tunnel -> paste the config you saved earlier
now hit activate
after you activate, ssh into the machine using the following ip: 10.0.0.1
there you go, a private SSH session. Go ahead and try to nmap it, you'll get a closed port!
the script:
https://pastecode.dev/s/3mslguav
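
Added example, not part of the original post or the linked script: a check to run on the saved client config before continuing past the pause, since a truncated copy or a missing route to 10.0.0.1 is what causes the lock-out. It assumes the file uses the standard wg-quick `[Interface]`/`[Peer]` layout; `check_wg_client_conf` and `sample_conf` are hypothetical names, and the sample config is constructed with placeholder keys and a documentation-range endpoint.

```shell
#!/bin/sh
# Added example: verify a saved WireGuard client config; exit 0 = usable, 1 = incomplete.
check_wg_client_conf() {
    awk -v target="${2:-10.0.0.1}" '
    function ip2n(ip,   o) {                  # dotted quad -> integer, -1 if not IPv4
        if (split(ip, o, ".") != 4) return -1
        return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
    }
    function covers(cidr, ip,   p, k, div) {  # is ip inside the cidr range?
        k = split(cidr, p, "/")
        if (ip2n(p[1]) < 0 || ip2n(ip) < 0) return 0
        div = 2 ^ (32 - (k == 2 ? p[2] : 32))
        return int(ip2n(p[1]) / div) == int(ip2n(ip) / div)
    }
    { sub(/#.*/, ""); gsub(/^[ \t]+|[ \t\r]+$/, "") }   # drop comments, trim
    $0 == "" { next }
    /^\[/ { section = tolower($0); next }
    {
        eq = index($0, "="); if (!eq) next    # split on the first "=" only (keys end in "=")
        key = tolower(substr($0, 1, eq - 1)); val = substr($0, eq + 1)
        gsub(/[ \t]/, "", key); gsub(/[ \t]/, "", val)
        if (val != "") seen[section "." key] = 1
        if (section == "[peer]" && key == "allowedips") {
            n = split(val, nets, ",")
            for (i = 1; i <= n; i++) if (covers(nets[i], target)) routed = 1
        }
    }
    END {
        m = split("[interface].privatekey [interface].address [peer].publickey [peer].endpoint", need, " ")
        for (i = 1; i <= m; i++)
            if (!(need[i] in seen)) { print "missing " need[i] > "/dev/stderr"; bad = 1 }
        if (!routed) { print "AllowedIPs does not cover " target > "/dev/stderr"; bad = 1 }
        exit bad + 0
    }' "$1"
}

# Constructed sample config: keys and endpoint are placeholders, not real values.
sample_conf() {
    cat <<'EOF'
[Interface]
PrivateKey = CONSTRUCTED_PLACEHOLDER_PRIVATE_KEY=
Address = 10.0.0.2/24

[Peer]
PublicKey = CONSTRUCTED_PLACEHOLDER_PUBLIC_KEY=
Endpoint = 203.0.113.10:51820
AllowedIPs = 10.0.0.0/24
EOF
}
```

Run it against the copy saved on the client machine, for example `check_wg_client_conf ./client.config 10.0.0.1`, and only press the key to continue once it exits 0.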