sjinks/ssh-honeypotd
A low-interaction SSH honeypot written in C.
Usage: `ssh-honeypotd [options]...`

Mandatory arguments to long options are mandatory for short options too.

- `-k`, `--host-key FILE`: the file containing the private host key (RSA, DSA, ECDSA, ED25519)
- `-b`, `--address ADDRESS`: the IP address to bind to (default: `0.0.0.0`)
- `-p`, `--port PORT`: the port to bind to (default: `22`)
- `-P`, `--pid FILE`: the PID file (if not specified, the daemon will run in the foreground)
- `-n`, `--name NAME`: the name of the daemon for syslog (default: `ssh-honeypotd`)
- `-u`, `--user USER`: drop privileges and switch to this USER (default: `daemon` or `nobody`)
- `-g`, `--group GROUP`: drop privileges and switch to this GROUP (default: `daemon` or `nogroup`)
- `-x`, `--no-syslog`: log messages only to stderr (only works with `--foreground`)
- `-f`, `--foreground`: do not daemonize
- `-h`, `--help`: display help and exit
- `-v`, `--version`: output version information and exit

The `-k` option must be specified at least once if ssh-honeypotd is compiled against libssh prior to 0.8.0 (note that in Ubuntu (and possibly Debian), libssh 0.8.0 is detected as 0.7.0 because of a bug in `libssh.h`). For newer libssh versions, the host key is generated automatically (RSA 2048 bits).

The minimum supported `libssh` version is 0.7.0.

```bash
docker run -d \
    --network=host \
    --cap-add=NET_BIND_SERVICE \
    --restart=always \
    --read-only \
    --name=ssh-honeypotd \
    -e ADDRESS=0.0.0.0 \
    -e PORT=22 \
    wildwildangel/ssh-honeypotd:latest
```

```bash
docker run -d \
    --network=host \
    --cap-add=NET_BIND_SERVICE \
    --restart=always \
    --read-only \
    wildwildangel/ssh-honeypotd-min:latest
```

`ssh-honeypotd.yaml`:

```yaml
---
apiVersion: v1
kind: Namespace
metadata:
  name: honeypots
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: ssh-honeypotd
  namespace: honeypots
spec:
  selector:
    matchLabels:
      name: ssh-honeypotd
  template:
    metadata:
      labels:
        name: ssh-honeypotd
    spec:
      hostNetwork: true
      containers:
        - name: ssh-honeypotd
          image: wildwildangel/ssh-honeypotd-min # or wildwildangel/ssh-honeypotd
          resources:
            limits:
              cpu: 100m
              memory: 12Mi
            requests:
              cpu: 100m
              memory: 12Mi
          securityContext:
            capabilities:
              drop:
                - all
              add:
                - NET_BIND_SERVICE
            readOnlyRootFilesystem: true
            allowPrivilegeEscalation: false
            seccompProfile:
              type: RuntimeDefault
          ports:
            - containerPort: 22
              hostPort: 22
              protocol: TCP
```

```bash
kubectl apply -f ssh-honeypotd.yaml
```

You can control ssh-honeypotd's behavior in the container (wildwildangel/ssh-honeypotd image) with the following environment variables:

- `ADDRESS` (default: 0.0.0.0): the IP address to bind to;
- `PORT` (default: 22): the port to bind to.

These variables make it easy to run several ssh-honeypotd instances on the same machine, should the need arise.
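
Two instances on one host, separated by the `ADDRESS` and `PORT` variables, written as a Docker Compose file. This is an added example, not part of the project's README: the service names and port 2222 are assumptions, and the standard image is used because the variables are documented for it.

```yaml
# Added example (not from the ssh-honeypotd repository).
# Service names and port 2222 are assumptions chosen for illustration.
services:
  honeypot-22:
    image: wildwildangel/ssh-honeypotd:latest
    network_mode: host          # same as --network=host
    cap_add:
      - NET_BIND_SERVICE        # same as --cap-add=NET_BIND_SERVICE
    read_only: true             # same as --read-only
    restart: always             # same as --restart=always
    environment:
      ADDRESS: "0.0.0.0"
      PORT: "22"

  honeypot-2222:
    image: wildwildangel/ssh-honeypotd:latest
    network_mode: host
    read_only: true
    restart: always
    environment:
      ADDRESS: "0.0.0.0"
      PORT: "2222"              # port above 1023, so NET_BIND_SERVICE is not added
```

With host networking each instance binds directly on the host, so every `ADDRESS`/`PORT` pair must be unique and must not collide with the machine's real SSH daemon.
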
ssh-honeypotd's Docker image comes in two flavors:
- A standard image based on the latest stable Alpine: `wildwildangel/ssh-honeypotd`.
- A minimalistic image based on the `scratch` Docker image: `wildwildangel/ssh-honeypotd-min`.

The `ssh-honeypotd-min` image contains only the statically linked `ssh-honeypotd` binary and a set of pre-generated SSH keys. This image is a bit smaller than `ssh-honeypotd` but is experimental at the moment. The `ssh-honeypotd` binary in the `ssh-honeypotd-min` image does not support the following command-line options: `--pid`, `--name`, `--user`, `--group`, `--no-syslog`, `--foreground`.