

Show HN: Open source SSH honeypot with an API - namidark
http://sshpot.com/

======
duskwuff
Does this do anything after login, like Kippo does?

https://github.com/desaster/kippo

~~~
joantune
Yeah, this is what I was talking about. Once for a college project we had VMs
acting as honeypots, to try to get the big bears (not just bots), so we changed
the OpenSSH source code, let them in at the 3rd try, and then the idea was to send
back through ICMP payloads the session keys to decrypt the communication,
based on a nettables module hack published at Phrack!

~~~
echmos
Linky? This sounds interesting.

------
echmos
Hey namidark,

As an avid honeypot person I like this project a lot, I'll be doing a talk at
a conference about them soon. Do you provide a master repository for the
username/password combinations that have been guessed? I understand I could do
this with constant JSON fetching but I admit, I don't have an incredible
talent when it comes to web technologies (but it is something I am working on
improving).

~~~
namidark
If you drop me a line I can get you a DB dump - josh [ at ] bluescripts.net or
open an issue on github

~~~
x1798DE
Any chance you'll make it generally public? I can see reasons for keeping it
private and for having a public repository with occasional database dumps,
don't know where you fall on that.

Of course, anyone who runs an SSH server on port 22 knows it's not that hard
to generate your own little database quickly enough.

~~~
namidark
All the data is currently public (via the API) - you just have to know how to
query the API to get it. Not sure if a publicly accessible endpoint to dump
_all_ data is a good idea (since that could get resource intensive).

If you have a suggestion for some api endpoints or better querying, let me
know.

------
joantune
That looks cool! How about letting them in and gathering the 1st ~10 commands
issued :D (I did something similar for a college project)

------
jimmcslim
Is there any benefit to running this vs. just keeping your SSH port on 22 and
running fail2ban or denyhosts, which also run servers cataloging blacklisted
IP addresses (well, denyhosts supports the option, not sure about fail2ban)?

~~~
rmc
It allows us to collect passwords crackers are using, and ban users from
using them? Increasing security by learning what the attackers are doing?

~~~
namidark
That is also another goal I would like to add: the ability to cross-check
passwords against the API so you can prevent users from using them.

------
codezero
Pedantic: daemons, not daemon's (the possessive) :)

