-
可用
-
It Does Work
-
开发中 -
In Developing
长期以来,服务器的22端口始终有人试图爆破,每次登陆都会显示有数百次失败的尝试。
一段时间之前我已经更换为密钥登陆(建议停止口令登陆SSH而使用密钥,尤其是您正在遭受穷举的情况下),可以说是基本没有被穷尽成功的可能,但是看着log里的记录还是很烦。
即便使用了fail2ban仍收效甚微,即使在每次登录失败即封禁IP一周的情况下,本月仍有千余条IP的登陆失败记录。
虽然暂时通过更换端口的方式缓解了这样的现象,但仍不能保证以后新的端口不会被爆破。
所以写这个__假的SSH服务器__。首先是迷惑攻击者认为端口仍在正常工作,然而其实是不可能入侵成功的。其次收集访问者的IP和相关信息。最终目的是分析访问者信息,形成封禁策略,可以应用于其他的服务器上。
- configure file
- shell for git server
- max connections
Read this file for information.
Usage of FakeSSH:
-A disable anti honeypot scan
-V show version of this binary
-a enable anti honeypot scan (default)
-bind addr
binding addr (default ":22")
-c path
config path
-config path
config path
-delay int
wait time for each login (ms)
-devia int
deviation for wait time (ms)
-format [plain|json]
log format: [plain|json] (default "plain")
-gen
generate a private key to key file path
-h show this page
-help
show this page
-key path
key file path, can set more than one
-level [debug|info|warning]
log level: [debug|info|warning] (default "info")
-log file
log file
-passwd
log password to file
-try int
max try times (default 3)
-type string
type for generate private key (default "ed25519")
-version string
ssh server version (default "OpenSSH_9.0p1")
-
The general format is
type:option, and the option part can leave blank. -
Following types is available:
ed25519,rsa,ecdsa, default ised25519if it's left empty. -
If key path is not specialed, you can set multi types, separated with
,. For example,rsa|rsa:2048|ecdsa:P256,rsa|ed25519,ecdsaare all available, but only the first type set is used for generating mode. -
Option for
rsais key size, default is4096. -
Option for
ecdsais curve type, such asP256,P384,P521, and default isP384.