Before we get into the meat and potatoes, here is a general overview of what you need for this whole SSH honeypot thing:
- Access to a cloud hosting platform of your choice (Linode, AWS, etc)
- That’s it lol
If you cannot afford to spin up servers in the cloud, or you do not want to use the cloud for some reason, you can spin up a server in your own home network. Do this at your own risk though: you are deliberately inviting brute-force traffic into your home network, and someone might actually get in!
Setting Up General Ubuntu Server
I used Linode for this experiment because I find the interface much easier to understand, which lets you work faster than with things like AWS. The first Ubuntu server will host a listening script that logs the username and password used in each login attempt, as well as the source IP address. The code for this can be found here. Git clone the repo using the following command:
git clone <REPO ADDRESS>
The repository address can be found here
After cloning the repo, change into the directory you just cloned. You can then run the setup script to install the dependencies, or install them manually if you feel like a boss.
Before running the listening script, though, you need to move the real SSH daemon off its default port so the honeypot can take port 22. You can do this using the following steps:
sudo nano /etc/ssh/sshd_config
Uncomment the line that says Port 22 and put in the port of your choice, then restart sshd (sudo systemctl restart ssh) so it releases port 22. Test logging in on the new port from a second terminal before closing your current session, so you do not lock yourself out of the server.
Now you can run the listening script using the following command (binding to port 22 is a privileged operation, so run it with sudo or as root):
python3 psh**t.py -o passwords.json -p 22
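Once the honeypot has been collecting for a while, the interesting part is what is in passwords.json. The following is an added example, not code from the original post or its repo: it reads the log as JSON lines, assumes the field names ip, username and password (the real script's format may differ), and reports the most-tried usernames and passwords plus which source IPs are hammering the server hardest, skipping any malformed line so a partial write at the end of the file does not kill the report.

```python
import json
from collections import Counter, defaultdict

# Constructed sample in JSON-lines form. The field names (ip, username, password)
# are an assumption about the listening script's output, not its documented format.
SAMPLE_LOG = """\
{"ip": "198.51.100.7", "username": "root", "password": "123456"}
{"ip": "198.51.100.7", "username": "root", "password": "password"}
{"ip": "198.51.100.7", "username": "admin", "password": "admin"}
{"ip": "203.0.113.4", "username": "root", "password": "toor"}
{"ip": "203.0.113.4", "username": "ubuntu", "password": "ubuntu"}
{"ip": "192.0.2.9", "username": "pi", "password": "raspberry"}
"""

REQUIRED = ("ip", "username", "password")


def load_attempts(text):
    """Parse JSON-lines text into dicts, skipping blank, malformed or incomplete records."""
    attempts = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # truncated or garbage line: ignore rather than abort the whole report
        if isinstance(rec, dict) and all(k in rec for k in REQUIRED):
            attempts.append(rec)
    return attempts


def summarize(attempts, top=5, burst_threshold=3):
    """Aggregate attempts: top credentials, attempts per IP, and IPs at/above the burst threshold."""
    users = Counter(a["username"] for a in attempts)
    passwords = Counter(a["password"] for a in attempts)
    per_ip = Counter(a["ip"] for a in attempts)
    pairs_per_ip = defaultdict(set)  # distinct (user, password) pairs each IP tried
    for a in attempts:
        pairs_per_ip[a["ip"]].add((a["username"], a["password"]))
    return {
        "top_usernames": users.most_common(top),
        "top_passwords": passwords.most_common(top),
        "attempts_per_ip": dict(per_ip),
        "distinct_pairs_per_ip": {ip: len(s) for ip, s in pairs_per_ip.items()},
        "brute_force_ips": sorted(ip for ip, n in per_ip.items() if n >= burst_threshold),
    }


if __name__ == "__main__":
    for key, value in summarize(load_attempts(SAMPLE_LOG)).items():
        print(f"{key}: {value}")
```

To run it against the real log, replace SAMPLE_LOG with the contents of passwords.json and raise burst_threshold to whatever counts as noisy after 30 days of traffic.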
Set Up Endless SSH Server
The steps for setting this server up are pretty much the same, to be honest, but we shall go through them nonetheless.
The first thing you should do on this server is to update your system using the following command:
sudo apt update
After this is complete you can clone the repo from here. This tool is mostly written in C, so we will have to compile it with make first. In case you do not have the compiler and build tools needed to ‘make’ the tool, run the following command:
sudo apt install build-essential
Once that is done, change into the endless directory and run make; it should build without errors.
Remember to change the default SSH port for this server as well (and restart sshd so it releases port 22), then run the following command to listen (again with sudo or as root, since port 22 is privileged):
./endless -p 22
You can use whatever flags you’d like; check the documentation for those. To see the output from endless ssh when you connect to it, append the -vvv flag to your command for very very verbose.
Apart from that, this is all you need to do. If you have any suggestions on where to take the project next, let me know. I shall be back in 30 days with the results.