holm/endlessh
1
1
Fork 0
forked from extern/endlessh
Code Issues Pull Requests Packages Projects Releases Wiki Activity
30e3ff1f32
endlessh/README.md
Christopher Wellons e7c93c6664 Add link to main article in README
2019-03-25 09:37:34 -04:00

84 lines
2.6 KiB
Markdown
Raw Blame History

# Endlessh: an SSH tarpit
Endlessh is an SSH tarpit [that *very* slowly sends an endless, random
SSH banner][np]. It keeps SSH clients locked up for hours or even days
at a time. The purpose is to put your real SSH server on another port
and then let the script kiddies get stuck in this tarpit instead of
bothering a real server.
Since the tarpit is in the banner before any cryptographic exchange
occurs, this program doesn't depend on any cryptographic libraries. It's
a simple, single-threaded, standalone C program. It uses `poll()` to
trap multiple clients at a time.
## Usage
Usage information is printed with `-h`.
```
Usage: endlessh [-vh] [-d MS] [-f CONFIG] [-l LEN] [-m LIMIT] [-p PORT]
-d INT Message millisecond delay [10000]
-f Set and load config file [/etc/endlessh/config]
-h Print this help message and exit
-l INT Maximum banner line length (3-255) [32]
-m INT Maximum number of clients [4096]
-p INT Listening port [2222]
-v Print diagnostics to standard output (repeatable)
```
Argument order matters. The configuration file is loaded when the `-f`
argument is processed, so only the options that follow will override the
configuration file.
By default no log messages are produced. The first `-v` enables basic
logging and a second `-v` enables debugging logging (noisy). All log
messages are sent to standard output.
endlessh -v >endlessh.log 2>endlessh.err
A SIGTERM signal will gracefully shut down the daemon, allowing it to
write a complete, consistent log.
A SIGHUP signal requests a reload of the configuration file (`-f`).
## Sample Configuration File
The configuration file has similar syntax to OpenSSH.
```
# The port on which to listen for new SSH connections.
Port 2222
# The endless banner is sent one line at a time. This is the delay
# in milliseconds between individual lines.
Delay 10000
# The length of each line is randomized. This controls the maximum
# length of each line. Shorter lines may keep clients on for longer if
# they give up after a certain number of bytes.
MaxLineLength 32
# Maximum number of connections to accept at a time. Connections beyond
# this are not immediately rejected, but will wait in the queue.
MaxClients 4096
# Set the detail level for the log.
# 0 = Quiet
# 1 = Standard, useful log messages
# 2 = Very noisy debugging information
LogLevel 0
```
## Build issues
RHEL 6 and CentOS 6 use a version of glibc older than 2.17 (December
2012), and `clock_gettime(2)` is still in librt. For these systems you
will need to link against librt:
make LDLIBS=-lrt
[np]: https://nullprogram.com/blog/2019/03/22/
Reference in New Issue View Git Blame Copy Permalink