Home

Awesome

sshlowpot

Yet another no-frills low-interaction ssh honeypot in Go.

Accepts SSH connections on a given port (2222 by default), records authentication attempts and tells the connecting client the authentication failed.

Please note that this is not yet production code. In particular, the log output is subject to change.

Installation

Get and build the source:

go get github.com/magisterquis/sshlowpot
go install github.com/magisterquis/sshlowpot

Compiled binaries can be made available upon request.

Make sure IP forwarding is enabled and forward the port. The following examples assume the external-facing port is 22 and sshlowpot is listening on 2222.

OpenBSD:

#Assuming the external-facing interface is vio0

[root@box]# sysctl net.inet.ip.forwarding=1
[root@box]# echo "pass in on vio0 from any to (vio0) port 22 rdr-to 127.0.0.1 port 2222" >> /etc/pf.conf
[root@box]# pfctl -vf /etc/pf.conf
[user@box]$ sshlowopt -v

Linux:

[root@box]# sysctl net.ipv4.ip_forward=1
[root@box]# iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 22 -j REDIRECT --to-port 2222
[user@box]$ sshlowpot -v

Usage

Usage: sshlowpot [options]

Options are:
  -a address
    	Listen address (default "127.0.0.1:2222")
  -key file
    	SSH private key file, which will be created if it doesn't already exist (default "slp_id_rsa")
  -to timeout
    	SSH handshake timeout (default 1m0s)
  -v	Enable verbose logging
  -ver version
    	SSH server version string (default "SSH-2.0-OpenSSH_7.0")

For the most part, no options are required as long as you can forward your external port of choice to 127.0.0.1:2222. Please don't run it as root on 22.

Output

Output should look something like the following (with -v):

2016/01/19 19:43:41 Made SSH key and wrote it to slp_id_rsa
2016/01/19 19:43:41 Listening on 127.0.0.1:2222
2016/01/19 19:43:51 Address:168.235.89.22:52119 Connect
2016/01/19 19:43:53 Address:168.235.89.22:52119 User:"exuser" Version:"SSH-2.0-OpenSSH_7.0" Key(ssh-rsa):BE9DA2A4D129652DB64AF6D71DEFD25F
2016/01/19 19:43:56 Address:168.235.89.22:52119 User:"exuser" Version:"SSH-2.0-OpenSSH_7.0" Keyboard-Interactive:"passtry1"
2016/01/19 19:43:57 Address:168.235.89.22:52119 User:"exuser" Version:"SSH-2.0-OpenSSH_7.0" Keyboard-Interactive:"passtry2"
2016/01/19 19:43:58 Address:168.235.89.22:52119 User:"exuser" Version:"SSH-2.0-OpenSSH_7.0" Keyboard-Interactive:"passtry3"
2016/01/19 19:43:59 Address:168.235.89.22:52119 User:"exuser" Version:"SSH-2.0-OpenSSH_7.0" Password:"passtry4"
2016/01/19 19:44:01 Address:168.235.89.22:52119 User:"exuser" Version:"SSH-2.0-OpenSSH_7.0" Password:"passtry5"
2016/01/19 19:44:02 Address:168.235.89.22:52119 User:"exuser" Version:"SSH-2.0-OpenSSH_7.0" Password:"passtry6"
2016/01/19 19:44:02 Address:168.235.89.22:52119 Disconnect

Windows

It should run on Windows just fine. If it doesn't, feel free to send a pull request.