Project author: JustinAzoff

Project description:
A low/zero interaction ssh authentication logging honeypot
Language: Go
Project address: git://github.com/JustinAzoff/ssh-auth-logger.git
Created: 2017-04-14T00:22:50Z
Project community: https://github.com/JustinAzoff/ssh-auth-logger

A low/zero interaction ssh authentication logging honeypot

Interesting features

Structured logging

ssh-auth-logger logs all authentication attempts as JSON, making them easy to
consume in other tools. No more ugly OpenSSH log parsing vulnerabilities.

“Random” host keys

ssh-auth-logger uses HMAC to hash the destination IP address with a key in order to
generate a consistently “random” host key for every responding IP address. This
means you can run ssh-auth-logger on a /16 and every IP address will appear
with a different host key. TODO: add random sshd version reporting as well.
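
The derivation described above, as an added example that is not the project's own code: it assumes HMAC-SHA256 over the destination IP and an Ed25519 key seeded from the result, and the names `hostKeyFor` and `fingerprint` and the demo secret are hypothetical.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/binary"
	"fmt"
	"net"
)

// hostKeyFor derives a stable Ed25519 host key for one destination IP.
// HMAC-SHA256 output is 32 bytes, exactly the Ed25519 seed size.
func hostKeyFor(secret []byte, dst string) (ed25519.PrivateKey, error) {
	ip := net.ParseIP(dst)
	if ip == nil {
		return nil, fmt.Errorf("invalid destination IP %q", dst)
	}
	mac := hmac.New(sha256.New, secret)
	mac.Write(ip.To16()) // 16-byte form: IPv4 and IPv4-mapped IPv6 agree
	return ed25519.NewKeyFromSeed(mac.Sum(nil)), nil
}

// fingerprint returns the OpenSSH-style SHA256 fingerprint: the hash of the
// wire-format blob string("ssh-ed25519") || string(public key).
func fingerprint(priv ed25519.PrivateKey) string {
	pub := priv.Public().(ed25519.PublicKey)
	var blob []byte
	for _, field := range [][]byte{[]byte("ssh-ed25519"), pub} {
		var n [4]byte
		binary.BigEndian.PutUint32(n[:], uint32(len(field)))
		blob = append(append(blob, n[:]...), field...)
	}
	sum := sha256.Sum256(blob)
	return "SHA256:" + base64.RawStdEncoding.EncodeToString(sum[:])
}

func main() {
	secret := []byte("constructed-demo-secret") // constructed; keep the real key private
	for _, dst := range []string{"192.168.1.2", "192.168.1.3", "192.168.1.2"} {
		key, err := hostKeyFor(secret, dst)
		if err != nil {
			panic(err)
		}
		fmt.Println(dst, fingerprint(key))
	}
}
```

Because the key depends only on the secret and the destination address, a restart or a second sensor with the same secret presents the same fingerprint per IP, so returning clients see no host key change.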

Example log entry

This is normally logged on one line:

    {
      "client_version": "SSH-2.0-libssh2_1.4.3",
      "destinationServicename": "sshd",
      "dpt": "22",
      "dst": "192.168.1.2",
      "duser": "root",
      "level": "info",
      "msg": "Request with password",
      "password": "P@ssword1",
      "product": "ssh-auth-logger",
      "server_version": "SSH-2.0-OpenSSH_5.3",
      "spt": "38624",
      "src": "192.168.1.4",
      "time": "2017-11-17T19:16:37-05:00"
    }

How to use it

    go install github.com/JustinAzoff/ssh-auth-logger@latest
    export SSHD_BIND=:2222
    ~/go/bin/ssh-auth-logger

Note

To bind to port 22 directly:

    sudo setcap cap_net_bind_service=+ep ~/go/bin/ssh-auth-logger

Run with docker

    docker run -t -i --rm -p 2222:22 justinazoff/ssh-auth-logger