minimal_ssh_honeypot

command module

v0.0.0-...-0575966 Latest Latest Go to latest Published: Jan 26, 2023 License: MIT Imports: 7 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/masoudd/minimal_ssh_honeypot

Links

Open Source Insights

README ¶

Minimal SSH Honeypot

This is a SSH honeypot designed to only log the SSH connection attempts on a given port. It does not go any further than that and that's by design.

It is inspired by sshoney and by proxy by server_complex.go (thanks @max107 :))

How?

It works by listening on a non-privileged port (2222 by default) and pretends to be an SSH server. When an SSH client connects, it logs the connection details (IP, username, password and SSH clienr version) to stdout and then rejects the login attempt.

run with --help to see available flags and their default values.

Basic setup

Install the binary:

go install github.com/masoudd/minimal_ssh_honeypot

Ensure ${GOPATH}/bin is in your ${PATH} (so you can run minimal_ssh_honeypot from any directory):

$ export PATH:${PATH}:${GOPATH}/bin

You first need to generate a key pair for the server.

ssh-keygen -f ./host.key -N ''
Generating public/private rsa key pair.
Your identification has been saved in ./host.key.
Your public key has been saved in ./host.key.pub.
The key fingerprint is:
SHA256:5QH4ForyXNVRuUPPuKtyg2//swPLtw4c3DyS0idTpUk ash@ashmckenzie
The key's randomart image is:
+---[RSA 2048]----+
|       ....o..E .|
|      . o.. o. + |
|     . + .o. =+  |
|  . . o oo ++=o  |
|   + . .S o Oo=  |
|    o      oo* . |
|         . .o+   |
|        o + +.+  |
|         =o+.+== |
+----[SHA256]-----+

Now run it:

$ minimal_ssh_honeypot -hostkey host.key
time="2015-08-28T08:59:58+10:00" level=info msg="listening on 2222"

It is now logging to stdout and listening on port 2222 which is not the standard SSH port (22 is). This is deliberately setup this way to ensure:

You are not locked out of a remote server by default
The service is not running as root

Proceed to the Running live section for the best way to run this on a real server.

Running live

The honey pot listens on port 2222 by default. This can be changed with the -port argument

Once you have it running (ideally as the least privileged user, e.g. nobody) it's time to setup an IPTables rule to redirect the traffic. Change eth0 to the interface you want to use.

WARNING: Please, please be very careful when adding this rule you don't lock yourself out!

sudo iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 22 -j REDIRECT --to-port 2222

Documentation ¶

There is no documentation for this package.

Source Files ¶

View all Source files

server.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL