{"id":13795942,"url":"https://github.com/ashmckenzie/go-sshoney","last_synced_at":"2025-05-13T00:30:32.081Z","repository":{"id":57485757,"uuid":"41477290","full_name":"ashmckenzie/go-sshoney","owner":"ashmckenzie","description":"SSH Honeypot","archived":false,"fork":false,"pushed_at":"2017-05-31T22:07:46.000Z","size":16,"stargazers_count":31,"open_issues_count":1,"forks_count":5,"subscribers_count":2,"default_branch":"master","last_synced_at":"2024-08-04T23:10:05.741Z","etag":null,"topics":["golang","honeypot","ssh"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ashmckenzie.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.txt","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2015-08-27T09:17:39.000Z","updated_at":"2024-04-03T08:29:42.000Z","dependencies_parsed_at":"2022-09-11T15:03:00.681Z","dependency_job_id":null,"html_url":"https://github.com/ashmckenzie/go-sshoney","commit_stats":null,"previous_names":["ashmckenzie/sshoney"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ashmckenzie%2Fgo-sshoney","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ashmckenzie%2Fgo-sshoney/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ashmckenzie%2Fgo-sshoney/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ashmckenzie%2Fgo-sshoney/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ashmckenzie","download_url":"https://codeload.github.com/ashmckenzie/go-sshoney/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":225159841,"owners_count":17430190,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["golang","honeypot","ssh"],"created_at":"2024-08-03T23:01:04.424Z","updated_at":"2024-11-18T10:30:57.905Z","avatar_url":"https://github.com/ashmckenzie.png","language":"Go","funding_links":[],"categories":["\u003ca id=\"c8f749888134d57b5fb32382c78ef2d1\"\u003e\u003c/a\u003eSSH\u0026\u0026Telnet","Honeypots"],"sub_categories":[],"readme":"SSHoney\n=======\n\nSSHoney is an SSH honeypot designed purely to log the SSH connection attempts on a given port.  It\ndoes not go any further than that.\n\nIt is inspired by https://github.com/Scalingo/go-ssh-examples/blob/master/server_complex.go (thanks @max107 :))\n\nHow?\n----\n\nSSHoney works by listening on a non-privileged port (2222 by default) and pretends to be an SSH\nserver.  When an SSH client connects, SSHoney logs the connection details (IP, username, password and SSH clienr version) to stdout and/or syslog, a log file of your choosing (e.g `/var/log/sshoney.log`).\n\nBasic setup\n-----------\n\nInstall the source and binary:\n\n```shell\ngo get -u github.com/ashmckenzie/sshoney\n```\n\nEnsure `${GOPATH}/bin` is in your `${PATH}` (so you can run `sshoney` from any directory):\n\n```shell\nexport PATH:${PATH}:${GOPATH}/bin\n```\n\nRun it and you will be asked to generate a `host.key`:\n\n```shell\n$ cd /tmp\n$ sshoney\ntime=\"2015-08-28T08:48:35+10:00\" level=fatal msg=\"Failed to load private key ./host.key.  Run make gen_ssh_key\"\n```\n\nThat's cool, let's generate one!:\n\n```shell\n$ cd /tmp\n$ make -f ${GOPATH}/src/github.com/ashmckenzie/sshoney/Makefile gen_ssh_key\nssh-keygen -f ./host.key -N ''\nGenerating public/private rsa key pair.\nYour identification has been saved in ./host.key.\nYour public key has been saved in ./host.key.pub.\nThe key fingerprint is:\nSHA256:5QH4ForyXNVRuUPPuKtyg2//swPLtw4c3DyS0idTpUk ash@ashmckenzie\nThe key's randomart image is:\n+---[RSA 2048]----+\n|       ....o..E .|\n|      . o.. o. + |\n|     . + .o. =+  |\n|  . . o oo ++=o  |\n|   + . .S o Oo=  |\n|    o      oo* . |\n|         . .o+   |\n|        o + +.+  |\n|         =o+.+== |\n+----[SHA256]-----+\n```\n\nLet's run it again:\n\n```shell\n$ sshoney\ntime=\"2015-08-28T08:59:58+10:00\" level=info msg=\"listening on 2222\"\n```\n\nSSHoney is now logging to stdout and listening on port 2222 which is not the standard SSH port (22 is).  This is deliberately setup this way to ensure:\n\n1. You are not locked out of a remote server by default\n2. The SSHoney service is not running as root\n\nProceed to the [Running live](#running-live) section for the best way to run this on a real server.\n\nRunning live\n------------\n\nSSHoney listens on port 2222 by default.  This can be changed by prefixing the `sshoney` command with `PORT=\u003cPORT\u003e`:\n\ne.g.\n\n```shell\n$ PORT=2223 sshoney\ntime=\"2015-08-28T09:11:13+10:00\" level=info msg=\"listening on 2223\"\n```\n\nOnce you have SSHoney running (ideally as the least privileged user, e.g. `nobody`) it's time to setup an IPTables rule to redirect the traffic.  The easiest way to do this is to run the provided helper in the `Makefile`:\n\n```shell\n$ make -f ${GOPATH}/src/github.com/ashmckenzie/sshoney/Makefile show_iptables_rule\n==========================================================================================\nWARNING: Please, please be very careful when adding this rule you don't lock yourself out!\n==========================================================================================\n\nsudo iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 22 -j REDIRECT --to-port 2222\n```\n\nThis can again, be customised by prefixing the `make` command with `PORT=\u003cPORT\u003e`:\n\n```shell\n$ PORT=2223 make -f ${GOPATH}/src/github.com/ashmckenzie/sshoney/Makefile show_iptables_rule\n==========================================================================================\nWARNING: Please, please be very careful when adding this rule you don't lock yourself out!\n==========================================================================================\n\nsudo iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 22 -j REDIRECT --to-port 2223\n```\n\nLogging\n-------\n\nBy default, all logs are sent to stdout.  You should also log to syslog:\n\n```shell\n$ sshoney --log-to-syslog\n```\n\nand/or a log file:\n\n```shell\n$ sshoney --log-file /var/log/sshoney.log\n```\n\nLog format\n----------\n\nLogging is handled using the very awesome https://github.com/Sirupsen/logrus library.\n\nGeneral format:\n\n`time=\"\u003cTIMESTAMP\u003e\" level=\"\u003cLEVEL\u003e\" msg=\"\u003cMSG\u003e\"`\n\ne.g.\n\n`time=\"2015-08-28T08:59:58+10:00\" level=info msg=\"listening on 2222\"`\n\nSpecific format for SSH connection attempts:\n\n`time=\"\u003cTIMESTAMP\u003e\" level=\"\u003cLEVEL\u003e\" msg=\"SSH connection from ip=[\u003cIP\u003e], username=[\u003cUSERNAME\u003e], password=[\u003cPASSWORD\u003e], version=[\u003cSSH_CLIENT_VERSION\u003e)\"`\n\ne.g.\n\n`time=\"2015-08-28T09:01:23+10:00\" level=info msg=\"SSH connection from ip=[127.0.0.1], username=[root], password=[password], version=[SSH-2.0-OpenSSH_6.2]\"`\n\nLogstash\n--------\n\nLogstash is a killer app, so I included a config and pattern helper in this repo to make it easier to ingest SSHoney log entries into Logstash!\n\nIncluded is `logstash/filter.conf` that defines a filter and `logstash/patterns/sshoney.pattern` to make parsing easier.\n\nExample Logstash dashboard\n--------------------------\n\n![Kibana](http://i.imgur.com/cXxv5f6.png)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fashmckenzie%2Fgo-sshoney","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fashmckenzie%2Fgo-sshoney","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fashmckenzie%2Fgo-sshoney/lists"}