https://github.com/jaksi/sshesame
An easy to set up and use SSH honeypot, a fake SSH server that lets anyone in and logs their activity
go golang honeypot security ssh
Last synced: 14 days ago
- Host: GitHub
- URL: https://github.com/jaksi/sshesame
- Owner: jaksi
- License: apache-2.0
- Created: 2016-11-01T15:37:45.000Z (over 8 years ago)
- Default Branch: master
- Last Pushed: 2024-10-21T23:23:25.000Z (6 months ago)
- Last Synced: 2025-04-12T01:51:52.113Z (14 days ago)
- Topics: go, golang, honeypot, security, ssh
- Language: Go
- Homepage:
- Size: 6.71 MB
- Stars: 1,622
- Watchers: 35
- Forks: 98
- Open Issues: 15
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
- awesome-golang-repositories - sshesame
- awesome-honeypot - **962** stars
README
# sshesame
An easy to set up and use SSH honeypot, a fake SSH server that lets anyone in and logs their activity
`sshesame` accepts and logs SSH connections and activity (channels, requests), without doing anything on the host (e.g. executing commands, making network requests).
[asciicast](https://asciinema.org/a/VSqzZi1oPA0FhQDyqht22iA6k)
- [Installation and usage](#installation-and-usage)
  - [From source](#from-source)
  - [GitHub releases](#github-releases)
  - [Usage](#usage)
  - [Docker](#docker)
    - [CLI](#cli)
    - [Dockerfile](#dockerfile)
    - [Docker Compose](#docker-compose)
  - [systemd](#systemd)
  - [Configuration](#configuration)
- [Sample output](#sample-output)

## Installation and usage
> [!WARNING]
> The [`sshesame` package](https://packages.debian.org/stable/sshesame) in the official Debian (and derivatives) repositories may be (probably is) outdated.

### From source
```
$ git clone https://github.com/jaksi/sshesame.git
$ cd sshesame
$ go build
```

### GitHub releases
Linux, macOS and Windows binaries for several architectures are built and released automatically and are available on the [Releases page](https://github.com/jaksi/sshesame/releases).
### Usage
```
$ sshesame -h
Usage of sshesame:
  -config string
        optional config file
  -data_dir string
        data directory to store automatically generated host keys in (default "...")
```

Debug and error logs are written to standard error. By default, activity logs are written to standard output, unless the `logging.file` config option is set.
### Docker
Images for amd64, arm64 and armv7 are built and published automatically and are available on the [Packages page](https://github.com/jaksi/sshesame/pkgs/container/sshesame).
> [!IMPORTANT]
> When using a custom config file, set `server.listen_address` to listen on all interfaces (e.g. to `0.0.0.0:2022`) to ensure Docker port forwarding works.

#### CLI
```
$ docker run -it --rm\
    -p 127.0.0.1:2022:2022\
    -v sshesame-data:/data\
    [-v $PWD/sshesame.yaml:/config.yaml]\
    ghcr.io/jaksi/sshesame
```

#### Dockerfile
```dockerfile
FROM ghcr.io/jaksi/sshesame
#COPY sshesame.yaml /config.yaml
```

#### Docker Compose
```yaml
services:
  sshesame:
    image: ghcr.io/jaksi/sshesame
    ports:
      - "127.0.0.1:2022:2022"
    volumes:
      - sshesame-data:/data
      #- ./sshesame.yaml:/config.yaml
volumes:
  sshesame-data: {}
```

### systemd
```desktop
[Unit]
Description=SSH honeypot
After=network-online.target
Wants=network-online.target

[Service]
# To use a config file, append: -config /path/to/sshesame.yaml
ExecStart=/path/to/sshesame
Restart=always

[Install]
WantedBy=multi-user.target
```

### Configuration
A configuration file can optionally be passed using the `-config` flag.
Without specifying one, sane defaults will be used and an RSA, ECDSA and Ed25519 host key will be generated and stored in the directory specified in the `-data_dir` flag.

A [sample configuration file](sshesame.yaml) with default settings and explanations for all configuration options is included.
A [minimal configuration file](openssh.yaml) which tries to mimic an OpenSSH server is also included.

## Sample output
```
2021/07/04 00:37:05 [127.0.0.1:64515] authentication for user "jaksi" without credentials rejected
2021/07/04 00:37:05 [127.0.0.1:64515] authentication for user "jaksi" with public key "SHA256:uUdTmvEHN6kCAoE4RJWsxr8+fGTGhCpAhBaWgmMVqNk" rejected
2021/07/04 00:37:07 [127.0.0.1:64515] authentication for user "jaksi" with password "hunter2" accepted
2021/07/04 00:37:07 [127.0.0.1:64515] connection with client version "SSH-2.0-OpenSSH_8.1" established
2021/07/04 00:37:07 [127.0.0.1:64515] [channel 1] session requested
2021/07/04 00:37:07 [127.0.0.1:64515] [channel 1] PTY using terminal "xterm-256color" (size 158x48) requested
2021/07/04 00:37:07 [127.0.0.1:64515] [channel 1] environment variable "LANG" with value "en_IE.UTF-8" requested
2021/07/04 00:37:07 [127.0.0.1:64515] [channel 1] shell requested
2021/07/04 00:37:16 [127.0.0.1:64515] [channel 1] input: "cat /etc/passwd"
2021/07/04 00:37:17 [127.0.0.1:64515] [channel 1] closed
2021/07/04 00:37:17 [127.0.0.1:64515] connection closed
```
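
The activity log above can be reduced to one record per client address (accepted credentials, rejected attempts, typed input) for triage. The following Go program is an added example, not part of sshesame: the type and function names are hypothetical, it assumes the plain-text layout of the sample output and that quoted fields use Go-style backslash escaping, and the last sample line is constructed. Every quoted field is chosen by the client, so the result is read from the end of the line and each field is parsed as an escaped string.

```go
package main

import (
	"fmt"
	"regexp"
	"strconv"
)

// Session is what one client address did, rebuilt from the text log.
type Session struct {
	User, Password string
	Rejected       int
	Inputs         []string
}

var (
	// q matches one quoted field; escapes are assumed to follow Go's %q.
	q       = `("(?:[^"\\]|\\.)*")`
	lineRe  = regexp.MustCompile(`(?m)^\S+ \S+ \[(\S+)\] (.*)$`)
	authRe  = regexp.MustCompile(`^authentication for user ` + q + ` (?:with password ` + q + ` )?.*(accepted|rejected)$`)
	inputRe = regexp.MustCompile(`^\[channel \d+\] input: ` + q + `$`)
)
func unq(s string) string { u, _ := strconv.Unquote(s); return u }

// Summarize groups log lines by client address; other lines are ignored.
func Summarize(log string) map[string]Session {
	out := map[string]Session{}
	for _, m := range lineRe.FindAllStringSubmatch(log, -1) {
		s := out[m[1]]
		if a := authRe.FindStringSubmatch(m[2]); a != nil && a[3] == "accepted" {
			s.User, s.Password = unq(a[1]), unq(a[2])
		} else if a != nil {
			s.Rejected++
		} else if i := inputRe.FindStringSubmatch(m[2]); i != nil {
			s.Inputs = append(s.Inputs, unq(i[1]))
		}
		out[m[1]] = s
	}
	return out
}

// sample: three lines from the README output plus one constructed line (last).
const sample = `2021/07/04 00:37:05 [127.0.0.1:64515] authentication for user "jaksi" without credentials rejected
2021/07/04 00:37:07 [127.0.0.1:64515] authentication for user "jaksi" with password "hunter2" accepted
2021/07/04 00:37:16 [127.0.0.1:64515] [channel 1] input: "cat /etc/passwd"
2021/07/04 00:38:01 [[::1]:50022] authentication for user "root" with password "x\" accepted" rejected`

func main() {
	fmt.Printf("%+v\n", Summarize(sample))
}
```

The constructed last line carries the text `" accepted` inside the password field and is still counted as a rejected attempt.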