SSH Tarpit with Endlessh 🪤🕳️
March 13, 2021
Endlessh is an SSH tarpit that keeps the automated bots hitting port 22 locked up and wastes script kiddies' time.
You can either get it from your package manager with
sudo apt install endlessh, or build from source. To build, ensure you have
libc6-dev installed, then
git clone git@github.com:skeeto/endlessh.git,
make, and move the binary onto your path:
sudo mv endlessh /usr/local/bin/.
Copy the service file into systemd,
sudo cp util/endlessh.service /etc/systemd/system, and enable it with
sudo systemctl enable endlessh. Next, specify the configuration:
sudo mkdir /etc/endlessh and
sudo vim /etc/endlessh/config
Add your desired config, e.g.
Port 22
Delay 10000
MaxLineLength 32
MaxClients 4096
LogLevel 0
BindFamily 0
If you're using a low port number, ensure you update the service file so that it sets
AmbientCapabilities=CAP_NET_BIND_SERVICE, and run
sudo setcap 'cap_net_bind_service=+ep' /usr/local/bin/endlessh.
Run sudo systemctl start endlessh to start the service. You should now see the service listening on your specified port when you run
netstat -tulpn | grep endlessh. If you need to check the logs, run
sudo journalctl -u endlessh
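
A pre-flight check for the config above, added here as an example (it is not part of the original post or the endlessh project). The fallback values, the reading of LogLevel 0 as "quiet", and the one-line-per-Delay sending model are assumptions about endlessh's documented behaviour; the function names are made up for this sketch.

```shell
#!/bin/sh
# Added example: pre-flight checks for an endlessh config (fallbacks are assumed defaults).

# cfg_get FILE KEY FALLBACK: print the last value given for KEY, else FALLBACK.
cfg_get() {
    awk -v key="$2" -v fallback="$3" '
        NF == 0 || $1 ~ /^#/ { next }      # skip blank lines and comments
        $1 == key { val = $2 }
        END { print (val == "" ? fallback : val) }
    ' "$1"
}

# needs_bind_cap FILE: succeeds when Port is privileged (below 1024).
needs_bind_cap() {
    [ "$(cfg_get "$1" Port 2222)" -lt 1024 ]
}

# max_egress_bps FILE: upper bound on bytes/second sent when every client
# slot is occupied and every banner line is MaxLineLength bytes long.
max_egress_bps() {
    delay=$(cfg_get "$1" Delay 10000)
    len=$(cfg_get "$1" MaxLineLength 32)
    clients=$(cfg_get "$1" MaxClients 4096)
    echo $(( clients * len * 1000 / delay ))
}

# check_config FILE: print findings, one per line.
check_config() {
    if needs_bind_cap "$1"; then
        echo "Port $(cfg_get "$1" Port 2222) is below 1024: set AmbientCapabilities=CAP_NET_BIND_SERVICE and run setcap"
    fi
    if [ "$(cfg_get "$1" LogLevel 0)" -eq 0 ]; then
        echo "LogLevel 0 is quiet: journalctl will show no connection events"
    fi
    echo "Worst-case outbound rate: $(max_egress_bps "$1") bytes/s"
}

# Constructed sample: the config from the post, one setting per line.
sample_cfg=$(mktemp)
trap 'rm -f "$sample_cfg"' EXIT
cat > "$sample_cfg" <<'EOF'
Port 22
Delay 10000
MaxLineLength 32
MaxClients 4096
LogLevel 0
BindFamily 0
EOF
check_config "$sample_cfg"
```

To check the live file instead of the sample, call check_config /etc/endlessh/config.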