Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/shadi/ssh_honeypot

Honeypot for ssh connections
https://github.com/shadi/ssh_honeypot

honeypot ssh-server

Last synced: 20 days ago
JSON representation

Honeypot for ssh connections

Host: GitHub
URL: https://github.com/shadi/ssh_honeypot
Owner: Shadi
License: mit
Created: 2021-02-07T10:24:37.000Z (almost 4 years ago)
Default Branch: main
Last Pushed: 2021-09-20T21:09:43.000Z (over 3 years ago)
Last Synced: 2024-10-28T15:50:49.816Z (2 months ago)
Topics: honeypot, ssh-server
Language: Go
Homepage:
Size: 13.7 KB
Stars: 0
Watchers: 2
Forks: 1
Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

        # ssh_honeypot

You can use this package to reduce the impact of brute force login attemts on ssh, this package imitate an ssh server, and on each login attempt pause the execution for a short time, and log the origin of the attempt on a separate log file.

### Installation

1- Download and extract the binary: `wget https://github.com/Shadi/ssh_honeypot/releases/download/v1.0.0/ssh_honeypot_1.0.0_linux_amd64.tar.gz -q -O- | tar xz`

2- Move the executable to a location in your $PATH: `mv ssh_honeypot /usr/local/bin`

3- Run it: `ssh_honeypot`

### Flags:

* `-p`: Port to use, default is 22 

* `-l`: Path of file to use for writing login attempts, default is `./attempts.log`

* `-c`: Max concurrent attempts, default is 20

* `-w`: Pause duration  n seconds before failing a login attempt, default is 15

### Usage

1- Change the default port that is being used by your ssh server, usually this is specified in the file `/etc/ssh/sshd_config`, search  for the entry port, and change the value to a different port, it might be commented out if you are still using the default, after that restart the ssh service: `systemctl restart ssh`

2- If you are using a firewall make sure you allow access to the new port, for instance if you specify the port 2242 in step(1) and you are using ufw firewall you can use the command: `ufw allow 2242/tcp`, from now on when you login you need to specify the new port using ssh `-p` flag: `ssh root@address -p NewPort`

3- run the package `ssh_honeypot`, this will use the default package configuration, it will pause execution for 15 seconds between attempts and write attempts to the log file `./attempts.log`

### Automatically Start at Boot

If you are using systemd then you can use the unit in [systemd/sshp.service](systemd/sshp.service) to automatically start ssh_honeybot on boot:

1- Copy the file to `cp systemd/sshp.service /etc/systemd/system`

2- Reload systemd: `systemctl daemon-reload`

3- Enable and start the service: `systemctl enable --now sshp.service`

### Docker

The 4 command line options have been converted into environment variables:

* `-p` -> SSH_PORT

* `-l` -> LOG_FILE

* `-c` -> MAX_ATTEMPT

* `-w` -> WAIT_DURATION

To build docker image: `docker build . -t ssh_honeypot`

To run: `docker run ssh_honeypot`

Examples for different run configurations:

* Change port `docker run -e SSH_PORT=2222 -p 2222:2222 ssh_honeypot`

* Change log file path `docker run -e LOG_FILE=/tmp/attempts.log ssh_honeypot`

* Change wait duration `docker run -e WAIT_DURATION=5 ssh_honeypot`

* Change max attempts `docker run -e MAX_ATTEMPTS=10 ssh_honeypot`