Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/jaksi/sshesame
An easy to set up and use SSH honeypot, a fake SSH server that lets anyone in and logs their activity
https://github.com/jaksi/sshesame
go golang honeypot security ssh
Last synced: 2 months ago
JSON representation
An easy to set up and use SSH honeypot, a fake SSH server that lets anyone in and logs their activity
- Host: GitHub
- URL: https://github.com/jaksi/sshesame
- Owner: jaksi
- License: apache-2.0
- Created: 2016-11-01T15:37:45.000Z (over 7 years ago)
- Default Branch: master
- Last Pushed: 2023-04-17T23:59:27.000Z (about 1 year ago)
- Last Synced: 2024-01-24T15:11:10.287Z (5 months ago)
- Topics: go, golang, honeypot, security, ssh
- Language: Go
- Homepage:
- Size: 6.74 MB
- Stars: 1,361
- Watchers: 33
- Forks: 85
- Open Issues: 13
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Lists
- awesome-ssh - sshesame - A fake SSH server that lets everyone in and logs their activity. (Apps / Testing / Honeypots)
- awesome-honeypots - sshesame - Fake SSH server that lets everyone in and logs their activity. (Honeypots)
- paralax-awesome-honeypots - sshesame - A fake SSH server that lets everyone in and logs their activity. (<a name="honeypots"></a> Honeypots)
- awesome-golang-repositories - sshesame
- awesome-honeypot - **962**星
- awesome-ssh - sshesame - A fake SSH server that lets everyone in and logs their activity. (Apps / Testing / Honeypots)
- awesome-honeypots - sshesame - Fake SSH server that lets everyone in and logs their activity. (Honeypots)
- awesome-honeypots - sshesame - Fake SSH server that lets everyone in and logs their activity. (Honeypots)
- awesome-ssh - sshesame - An easy to set up and use SSH honeypot, a fake SSH server that lets anyone in and logs their activity (Honeypots)
- awesome-stars - jaksi/sshesame - An easy to set up and use SSH honeypot, a fake SSH server that lets anyone in and logs their activity (Go)
- awesome-ssh - sshesame - A fake SSH server that lets everyone in and logs their activity. (Apps / Testing / Honeypots)
- awesome - sshesame - An easy to set up and use SSH honeypot, a fake SSH server that lets anyone in and logs their activity (Go)
- -awesome-honeypots- - sshesame - Fake SSH server that lets everyone in and logs their activity. (Honeypots)
- awesome-honeypots - sshesame - Fake SSH server that lets everyone in and logs their activity. (Honeypots)
- awesome-stars - jaksi/sshesame - `★1435` An easy to set up and use SSH honeypot, a fake SSH server that lets anyone in and logs their activity (Go)
- fucking-awesome-honeypots - sshesame - Fake SSH server that lets everyone in and logs their activity. (Honeypots)
README
# sshesame
An easy to set up and use SSH honeypot, a fake SSH server that lets anyone in and logs their activity
`sshesame` accepts and logs SSH connections and activity (channels, requests), without doing anything on the host (e.g. executing commands, making network requests).
[![asciicast](https://asciinema.org/a/VSqzZi1oPA0FhQDyqht22iA6k.svg)](https://asciinema.org/a/VSqzZi1oPA0FhQDyqht22iA6k)
- [Installation and usage](#installation-and-usage)
- [From source](#from-source)
- [GitHub releases](#github-releases)
- [Snap](#snap)
- [Usage](#usage)
- [Docker](#docker)
- [CLI](#cli)
- [Dockerfile](#dockerfile)
- [Docker Compose](#docker-compose)
- [systemd](#systemd)
- [Configuration](#configuration)
- [Sample output](#sample-output)## Installation and usage
> :warning: **The [`sshesame` package](https://packages.debian.org/stable/sshesame) in the official Debian (and derivatives) repositories may be (probably is) outdated.**
### From source
```
$ git clone https://github.com/jaksi/sshesame.git
$ cd sshesame
$ go build
```### GitHub releases
Linux, macOS and Windows binaries for several architectures are built and released automatically and are available on the [Releases page](https://github.com/jaksi/sshesame/releases).
### Snap
Snaps for several architectures are built and released automatically and are available on the [Snap Store](https://snapcraft.io/sshesame).
> :warning: **The snap can only access files (configs, keys, logs) in the user's home directory.**
```
$ snap install sshesame
```### Usage
```
$ sshesame -h
Usage of sshesame:
-config string
optional config file
-data_dir string
data directory to store automatically generated host keys in (default "...")
```Debug and error logs are written to standard error. Activity logs by default are written to standard out, unless the `logging.file` config option is set.
### Docker
Images for amd64, arm64 and armv7 are built and published automatically and are available on the [Packages page](https://github.com/jaksi/sshesame/pkgs/container/sshesame).
#### CLI
```
$ docker run -it --rm\
-p 127.0.0.1:2022:2022\
-v sshesame-data:/data\
[-v $PWD/sshesame.yaml:/config.yaml]\
ghcr.io/jaksi/sshesame
```#### Dockerfile
```dockerfile
FROM ghcr.io/jaksi/sshesame
#COPY sshesame.yaml /config.yaml
```#### Docker Compose
```yaml
services:
sshesame:
image: ghcr.io/jaksi/sshesame
ports:
- "127.0.0.1:2022:2022"
volumes:
- sshesame-data:/data
#- ./sshesame.yaml:/config.yaml
volumes:
sshesame-data: {}
```### systemd
```desktop
[Unit]
Description=SSH honeypot
After=network-online.target
Wants=network-online.target[Service]
ExecStart=/path/to/sshesame #-config /path/to/sshesame.yaml
Restart=always[Install]
WantedBy=multi-user.target
```### Configuration
A configuration file can optionally be passed using the `-config` flag.
Without specifying one, sane defaults will be used and an RSA, ECDSA and Ed25519 host key will be generated and stored in the directory specified in the `-data_dir` flag.A [sample configuration file](sshesame.yaml) with default settings and explanations for all configuration options is included.
A [minimal configuration file](openssh.yaml) which tries to mimic an OpenSSH server is also included.## Sample output
```
2021/07/04 00:37:05 [127.0.0.1:64515] authentication for user "jaksi" without credentials rejected
2021/07/04 00:37:05 [127.0.0.1:64515] authentication for user "jaksi" with public key "SHA256:uUdTmvEHN6kCAoE4RJWsxr8+fGTGhCpAhBaWgmMVqNk" rejected
2021/07/04 00:37:07 [127.0.0.1:64515] authentication for user "jaksi" with password "hunter2" accepted
2021/07/04 00:37:07 [127.0.0.1:64515] connection with client version "SSH-2.0-OpenSSH_8.1" established
2021/07/04 00:37:07 [127.0.0.1:64515] [channel 1] session requested
2021/07/04 00:37:07 [127.0.0.1:64515] [channel 1] PTY using terminal "xterm-256color" (size 158x48) requested
2021/07/04 00:37:07 [127.0.0.1:64515] [channel 1] environment variable "LANG" with value "en_IE.UTF-8" requested
2021/07/04 00:37:07 [127.0.0.1:64515] [channel 1] shell requested
2021/07/04 00:37:16 [127.0.0.1:64515] [channel 1] input: "cat /etc/passwd"
2021/07/04 00:37:17 [127.0.0.1:64515] [channel 1] closed
2021/07/04 00:37:17 [127.0.0.1:64515] connection closed
```