Knocknoc client (scriptable login)
To gain access to underlying networks and systems, end-usersĀ log in to Knocknoc interactively via the Server component. This provides registered orchestration-Agents information to perform ongoing access provisioning.
If you need to script access in a non-interactive or headless way, such as before a file transfer (eg: SCP/SSH/RSYNC), the knocknoc-client can be utilized.
Install the knocknoc-client package
On Debian / Ubuntu and similar variants:
# update your package information
sudo apt update
# install the client package
sudo apt install knocknoc-client
On Red Hat / CentOS / Oracle Linux:
# update your package information
sudo yum check-update
# on older systems
sudo yum install knocknoc-client
# on newer systems
sudo dnf install knocknoc-client
Once installed, a knocknoc-client binary is located at /usr/bin/knocknoc-client
Using the knocknoc-client
$ /usr/bin/knocknoc-client --help
Usage of knocknoc-client:
Supports two modes of operation:
1. Config file (use -newconfig to generate, then -config to use)
2. CLI params (not recommended as ApiKey could be captured in history/logs etc)
Config file mode:
-newconfig string
Write a new config file to the given location and exit
-config value
Location of config file
-persist
Maintain access to Knocknoc-protected resources
CLI mode:
-ApiKey value
API key to use for authentication (WARNING: extremely insecure)
-ServerInsecureHttps
Allow the client to connect to a server with an invalid TLS certificate
-ServerUrl value
URL of Knocknoc server to contact
-Username value
Username to authenticate as
Other:
-version
Show version information and exit
Note that the API key is stored within the config file, as such file permissions are important. This is better than providing the ApiKey on the CLI, as it may be captured in shell history or logs, however this option is available for storage-less execution environments.