Giters

Shadi / ssh_honeypot

Honeypot for ssh connections

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

ssh-serverhoneypot

ssh_honeypot

You can use this package to reduce the impact of brute force login attemts on ssh, this package imitate an ssh server, and on each login attempt pause the execution for a short time, and log the origin of the attempt on a separate log file.

Installation

1- Download and extract the binary: wget https://github.com/Shadi/ssh_honeypot/releases/download/v1.0.0/ssh_honeypot_1.0.0_linux_amd64.tar.gz -q -O- | tar xz

2- Move the executable to a location in your $PATH: mv ssh_honeypot /usr/local/bin

3- Run it: ssh_honeypot

Flags:

  • -p: Port to use, default is 22
  • -l: Path of file to use for writing login attempts, default is ./attempts.log
  • -c: Max concurrent attempts, default is 20
  • -w: Pause duration n seconds before failing a login attempt, default is 15

Usage

1- Change the default port that is being used by your ssh server, usually this is specified in the file /etc/ssh/sshd_config, search for the entry port, and change the value to a different port, it might be commented out if you are still using the default, after that restart the ssh service: systemctl restart ssh

2- If you are using a firewall make sure you allow access to the new port, for instance if you specify the port 2242 in step(1) and you are using ufw firewall you can use the command: ufw allow 2242/tcp, from now on when you login you need to specify the new port using ssh -p flag: ssh root@address -p NewPort

3- run the package ssh_honeypot, this will use the default package configuration, it will pause execution for 15 seconds between attempts and write attempts to the log file ./attempts.log

Automatically Start at Boot

If you are using systemd then you can use the unit in systemd/sshp.service to automatically start ssh_honeybot on boot:

1- Copy the file to cp systemd/sshp.service /etc/systemd/system

2- Reload systemd: systemctl daemon-reload

3- Enable and start the service: systemctl enable --now sshp.service

Docker

The 4 command line options have been converted into environment variables:

  • -p -> SSH_PORT
  • -l -> LOG_FILE
  • -c -> MAX_ATTEMPT
  • -w -> WAIT_DURATION

To build docker image: docker build . -t ssh_honeypot

To run: docker run ssh_honeypot

Examples for different run configurations:

  • Change port docker run -e SSH_PORT=2222 -p 2222:2222 ssh_honeypot
  • Change log file path docker run -e LOG_FILE=/tmp/attempts.log ssh_honeypot
  • Change wait duration docker run -e WAIT_DURATION=5 ssh_honeypot
  • Change max attempts docker run -e MAX_ATTEMPTS=10 ssh_honeypot

About

Honeypot for ssh connections

ssh-serverhoneypot

License:MIT License

Languages

Language:Go 78.4%Language:Dockerfile 21.6%