
Knocknoc client (scriptable login)

To gain access to underlying networks and systems, end-users log in to Knocknoc interactively via the Server component. The login gives registered orchestration Agents the information they need to perform ongoing access provisioning.

If you need to script access in a non-interactive or headless way, such as before a file transfer (e.g. SCP/SSH/RSYNC), use the knocknoc-client.

Install the knocknoc-client package

On Debian / Ubuntu and similar variants:

# update your package information
sudo apt update

# install the client package
sudo apt install knocknoc-client

On Red Hat / CentOS / Oracle Linux:

# update your package information
sudo yum check-update

# on older systems
sudo yum install knocknoc-client
# on newer systems
sudo dnf install knocknoc-client

Once installed, the knocknoc-client binary is located at /usr/bin/knocknoc-client.

Using the knocknoc-client

$ /usr/bin/knocknoc-client --help
Usage of knocknoc-client: 

Supports two modes of operation:
 1. Config file (use -newconfig to generate, then -config to use)
 2. CLI params (not recommended as ApiKey could be captured in history/logs etc)


Config file mode:
  -newconfig string
    	Write a new config file to the given location and exit
  -config value
    	Location of config file
  -persist
    	Maintain access to Knocknoc-protected resources

CLI mode:
  -ApiKey value
    	API key to use for authentication (WARNING: extremely insecure)
  -ServerInsecureHttps
    	Allow the client to connect to a server with an invalid TLS certificate
  -ServerUrl value
    	URL of Knocknoc server to contact
  -Username value
    	Username to authenticate as

Other:
	-version
    	Show version information and exit

Note that the API key is stored in the config file, so the file's permissions are important. A config file is still better than providing the ApiKey on the CLI, where it may be captured in shell history or logs; the CLI option remains available for storage-less execution environments.
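
One way to enforce the file-permission point in a script before a transfer. This is an added example, not part of the Knocknoc documentation or tooling. The function names and the KNOCKNOC_BIN variable are hypothetical, GNU coreutils stat is assumed, and it assumes knocknoc-client exits non-zero when login fails.

```shell
#!/bin/sh
# Added example: refuse to use a knocknoc-client config file that other
# local users could read, since the file holds the API key.
# Assumes GNU coreutils stat (Debian/Ubuntu, Red Hat family).

# Hypothetical override so the binary path can be changed for testing.
KNOCKNOC_BIN="${KNOCKNOC_BIN:-/usr/bin/knocknoc-client}"

# Returns 0 only if $1 is a regular file (not a symlink), owned by the
# current user, with no group or other permission bits set.
config_is_private() {
    cfg="$1"
    if [ -L "$cfg" ] || [ ! -f "$cfg" ]; then
        echo "refusing $cfg: not a regular file" >&2
        return 1
    fi
    owner=$(stat -c '%u' "$cfg") || return 1
    mode=$(stat -c '%a' "$cfg") || return 1
    if [ "$owner" != "$(id -u)" ]; then
        echo "refusing $cfg: owned by uid $owner" >&2
        return 1
    fi
    # The last two octal digits are group and other; both must be 0.
    case "$mode" in
        *00|0) return 0 ;;
        *)     echo "refusing $cfg: mode $mode, expected 600" >&2
               return 1 ;;
    esac
}

# Log in with the config file, then run the given command.
# Assumption: a non-zero exit from knocknoc-client means login failed.
# Usage (paths and host are placeholders):
#   knock_then_run /path/to/knocknoc.conf scp report.tgz host:/srv/in/
knock_then_run() {
    cfg="$1"; shift
    config_is_private "$cfg" || return 1
    "$KNOCKNOC_BIN" -config "$cfg" || return 1
    "$@"
}
```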