An easy to set up and use SSH honeypot, a fake SSH server that lets anyone in and logs their activity
sshesame accepts and logs SSH connections and activity (channels, requests), without doing anything on the host (e.g. executing commands, making network requests).
⚠️ Thesshesamepackage in the official Debian (and derivatives) repositories may be (probably is) outdated.
$ git clone https://github.com/jaksi/sshesame.git
$ cd sshesame
$ go build
Linux, macOS and Windows binaries for several architectures are built and released automatically and are available on the Releases page.
Snaps for several architectures are built and released automatically and are available on the Snap Store.
⚠️ The snap can only access files (configs, keys, logs) in the user's home directory.
$ snap install sshesame
$ sshesame -h
Usage of sshesame:
-config string
optional config file
-data_dir string
data directory to store automatically generated host keys in (default "...")
Debug and error logs are written to standard error. Activity logs by default are written to standard out, unless the logging.file config option is set.
Images for amd64, arm64 and armv7 are built and published automatically and are available on the Packages page.
$ docker run -it --rm\
-p 127.0.0.1:2022:2022\
-v sshesame-data:/data\
[-v $PWD/sshesame.yaml:/config.yaml]\
ghcr.io/jaksi/sshesame
FROM ghcr.io/jaksi/sshesame
#COPY sshesame.yaml /config.yamlservices:
sshesame:
image: ghcr.io/jaksi/sshesame
ports:
- "127.0.0.1:2022:2022"
volumes:
- sshesame-data:/data
#- ./sshesame.yaml:/config.yaml
volumes:
sshesame-data: {}[Unit]
Description=SSH honeypot
After=network-online.target
Wants=network-online.target
[Service]
ExecStart=/path/to/sshesame #-config /path/to/sshesame.yaml
Restart=always
[Install]
WantedBy=multi-user.targetA configuration file can optionally be passed using the -config flag.
Without specifying one, sane defaults will be used and an RSA, ECDSA and Ed25519 host key will be generated and stored in the directory specified in the -data_dir flag.
A sample configuration file with default settings and explanations for all configuration options is included.
A minimal configuration file which tries to mimic an OpenSSH server is also included.
2021/07/04 00:37:05 [127.0.0.1:64515] authentication for user "jaksi" without credentials rejected
2021/07/04 00:37:05 [127.0.0.1:64515] authentication for user "jaksi" with public key "SHA256:uUdTmvEHN6kCAoE4RJWsxr8+fGTGhCpAhBaWgmMVqNk" rejected
2021/07/04 00:37:07 [127.0.0.1:64515] authentication for user "jaksi" with password "hunter2" accepted
2021/07/04 00:37:07 [127.0.0.1:64515] connection with client version "SSH-2.0-OpenSSH_8.1" established
2021/07/04 00:37:07 [127.0.0.1:64515] [channel 1] session requested
2021/07/04 00:37:07 [127.0.0.1:64515] [channel 1] PTY using terminal "xterm-256color" (size 158x48) requested
2021/07/04 00:37:07 [127.0.0.1:64515] [channel 1] environment variable "LANG" with value "en_IE.UTF-8" requested
2021/07/04 00:37:07 [127.0.0.1:64515] [channel 1] shell requested
2021/07/04 00:37:16 [127.0.0.1:64515] [channel 1] input: "cat /etc/passwd"
2021/07/04 00:37:17 [127.0.0.1:64515] [channel 1] closed
2021/07/04 00:37:17 [127.0.0.1:64515] connection closed
![@dependabot[bot]](https://avatars.githubusercontent.com/in/29110?s=64&v=4){kind=small}