Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/le0nwolf/openssh-8.1p1_antibruteforcessh

This openSSH Version Logs all failed login attempts and when a wrong password is typed in there will be a delay until next password attempt
https://github.com/le0nwolf/openssh-8.1p1_antibruteforcessh

openssh-client openssh-daemon openssh-hack openssh-mod openssh-portable openssh-server password-log ssh ssh-client ssh-server

Last synced: about 1 month ago
JSON representation

This openSSH Version Logs all failed login attempts and when a wrong password is typed in there will be a delay until next password attempt

Host: GitHub
URL: https://github.com/le0nwolf/openssh-8.1p1_antibruteforcessh
Owner: Le0nWolf
Created: 2020-01-20T16:18:14.000Z (almost 5 years ago)
Default Branch: master
Last Pushed: 2020-11-18T16:02:59.000Z (about 4 years ago)
Last Synced: 2024-11-06T12:47:33.609Z (about 2 months ago)
Topics: openssh-client, openssh-daemon, openssh-hack, openssh-mod, openssh-portable, openssh-server, password-log, ssh, ssh-client, ssh-server
Language: C
Size: 1.66 MB
Stars: 0
Watchers: 1
Forks: 0
Open Issues: 0
Metadata Files:
- Readme: README.md

Awesome Lists containing this project

README

# OpenSSH Mod

This Mod/Hack of the Linux SSH Server allows you to see wrong passwords and ONLY wrong passwords in the log fiels.
When a password is typed in incorrectly then a litte timer is set to avoid brute force Attacks. When you dont want it remove the Sleep Command from: "auth-passwd.c" and from "auth-pam.c".
This SSH Mod has included the systemd patch. When you normally compile and install the official openssh-portable from: https://github.com/openssh/openssh-portable.git you will see that "systemctl restart ssh" or "systemctl start ssh" will not work becouse ssh will not tell the systemd deamon that the start was successfull and when you do "systemctl status ssh" then the active state will never be achieve and it will stuck in state: activating.
Here is an Example what the log looks like:

Example: "/var/log/auth.log":
Apr 15 15:01:04 Pi sshd[993]: Invalid user tomcat from 192.168.178.34 port 53242
Apr 15 15:01:09 Pi sshd[993]: error: Could not get shadow information for NOUSER
Apr 15 15:01:09 Pi sshd[993]: SSHGuard: failed login attempt on User: 'tomcat' Password: '1q2w3e4r5t'
Apr 15 15:01:19 Pi sshd[993]: Failed password for invalid user tomcat from 192.168.178.34 port 53242 ssh2
Apr 15 15:01:28 Pi sshd[993]: Connection closed by invalid user tomcat 112.85.42.232 port 33850 [preauth]

### The files i editet are:
- auth-passwd.c
- auth-pam.c
- configure.ac
- sshd.c

I have commented on all changes that have been made following this
Example from auth-passwd.c:

/\*Added by Leon\*/
if (strcmp(encrypted_password, pw_password) != 0) {
logit("SSHGuard: failed login attempt on User: '%.100s' Password: '%.100s'", authctxt->user, password);
sleep(10);
}
/\*End\*/

So you only need to open the files and search for the word: "Leon" to see the changes.

How to Compile:

#Install necessary Packets for building SSH
apt install build-essential zlib1g-dev libssl-dev libsystemd-dev pkg-config libpam0g-dev

autoreconf

#Configure
./configure --with-systemd --with-pam --prefix=/usr --sysconfdir=/etc/ssh

#Compile
make

#Install
make install

#Restart sshd
systemctl restart ssh

Or simply run my install.sh Skript

Sorry for Bad English I am German.