https://github.com/jsfraz/geopot

Monitoring SSH login attempts and geolocating remote hosts who failed to login and gathering used credentials.
https://github.com/jsfraz/geopot

geolocation globegl golang ip-address-geolocation postgres redis ssh ssh-login ssh-logs ssh-monitoring timescaledb unauthorized-access valkey vue3

Last synced: 23 days ago
JSON representation

Monitoring SSH login attempts and geolocating remote hosts who failed to login and gathering used credentials.

• Host: GitHub
• URL: https://github.com/jsfraz/geopot
• Owner: jsfraz
• Created: 2024-02-15T20:06:34.000Z (over 2 years ago)
• Default Branch: master
• Last Pushed: 2025-09-24T23:26:22.000Z (8 months ago)
• Last Synced: 2025-09-25T01:09:53.154Z (8 months ago)
• Topics: geolocation, globegl, golang, ip-address-geolocation, postgres, redis, ssh, ssh-login, ssh-logs, ssh-monitoring, timescaledb, unauthorized-access, valkey, vue3
• Language: Vue
• Homepage: https://geopot.josefraz.cz/
• Size: 2.6 MB
• Stars: 0
• Watchers: 1
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.md

Awesome Lists containing this project

README

          
# geopot

Monitoring SSH login attempts and geolocating remote hosts who failed to login and gathering used credentials.

![Frontend screenshot](frontend.png)

## How it works

The main idea is that you don't use default SSH port to connect to your remote server/VPS. This Docker Compose configuration maps fake server's port 22 to Docker host's public IP and stores unsuccesful login details in the database.

## Example usage

### Example `docker-compose.yml` (see [`docker-compose.example.yml`](docker-compose.example.yml))

Don't forget to generate `private_key.pem` first using following command:

```bash

openssl genrsa -out private_key.pem 4096

```

And build with `sudo docker compose up -d`!

For deploying behind a reverse proxy see [nginx configuration](geopot.conf).

### Example `.env` environmental variables  (see [`.env.example`](.env.example))

| Variable          | Description           |

|-------------------|-----------------------|

| GIN_MODE          | Production/debug mode |

| POSTGRES_USER     | PostgreSQL user       |

| POSTGRES_PASSWORD | PostgreSQL password   |

| POSTGRES_SERVER   | PostgreSQL server     |

| POSTGRES_PORT     | PostgreSQL port       |

| POSTGRES_DB       | PostgreSQL database   |

| VALKEY_PASSWORD   | Valkey password       |

| VALKEY_SERVER     | Valkey server         |

| VALKEY_PORT       | Valkey port           |

### TODO Example nginx configuration

## Development

### Local build

```bash

sudo docker compose -f docker-compose.dev.yml --env-file .env.dev up -d --build

```

### Testing `localhost:2222`

```bash

./test.sh number_of_attempts

```

### Swagger UI

Swagger UI is available at `http://localhost:8080/swagger` after starting development mode.