SSH Tarpit with Endlessh 🪤🕳️

Published by Alicia's Notes 🚀

Endlessh is an SSH tarpit that keeps the automated bots hitting port 22 locked up and wastes script kiddies' time.

You can either get it from your package manager with sudo apt install endlessh, or build from source. To build, ensure you have libc6-dev installed, then git clone git@github.com:skeeto/endlessh.git, cd endlessh, make, and move the binary into your path: sudo mv endlessh /usr/local/bin/.

Copy the service unit into systemd with sudo cp util/endlessh.service /etc/systemd/system, and enable it with sudo systemctl enable endlessh. Next, create the configuration with sudo mkdir /etc/endlessh and sudo vim /etc/endlessh/config.
Add your desired config, e.g.:

Port 22
Delay 10000
MaxLineLength 32
MaxClients 4096
LogLevel 0
BindFamily 0

If you're using a low port number (below 1024), ensure you update endlessh.service with AmbientCapabilities=CAP_NET_BIND_SERVICE, and run sudo setcap 'cap_net_bind_service=+ep' /usr/local/bin/endlessh.

Finally, run sudo systemctl start endlessh to start the service. You should now see it listening on your specified port when you run netstat -tulpn | grep endlessh. If you need to check the logs, run sudo journalctl -u endlessh.
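
To catch mistakes in the config and the low-port step before starting the service, here is an added example (not part of the original post or the Endlessh project) that lints a config like the one above. The function names are hypothetical, and the defaults, value limits and comment handling are assumptions based on Endlessh's documented options.

```python
"""Added example: lint an endlessh config before starting the service."""

# Keys, defaults and limits as documented for endlessh (treated as assumptions here).
DEFAULTS = {"Port": 2222, "Delay": 10000, "MaxLineLength": 32,
            "MaxClients": 4096, "LogLevel": 0, "BindFamily": 0}
ALLOWED = {"Port": range(1, 65536), "Delay": range(1, 2**31),
           "MaxLineLength": range(3, 256), "MaxClients": range(1, 2**31),
           "LogLevel": range(0, 3), "BindFamily": (0, 4, 6)}

# The configuration shown on this page.
PAGE_CONFIG = """\
Port 22
Delay 10000
MaxLineLength 32
MaxClients 4096
LogLevel 0
BindFamily 0
"""


def parse_config(text):
    """Return (settings, errors); lines are 'Key Value', '#' starts a comment."""
    settings, errors = dict(DEFAULTS), []
    for lineno, raw in enumerate(text.splitlines(), 1):
        parts = raw.split("#", 1)[0].split()
        if not parts:
            continue  # blank line or comment only
        if len(parts) != 2 or parts[0] not in ALLOWED:
            errors.append(f"line {lineno}: unrecognised entry {raw.strip()!r}")
        elif not (parts[1].isascii() and parts[1].isdigit()) \
                or int(parts[1]) not in ALLOWED[parts[0]]:
            errors.append(f"line {lineno}: {parts[0]} value {parts[1]!r} is out of range")
        else:
            settings[parts[0]] = int(parts[1])
    return settings, errors


def advise(settings):
    """Return operational notes for settings that need extra steps."""
    notes = []
    if settings["Port"] < 1024:
        notes.append("Port < 1024: needs AmbientCapabilities=CAP_NET_BIND_SERVICE and setcap")
    if settings["LogLevel"] == 0:
        notes.append("LogLevel 0 is quiet: journalctl will show no connection records")
    return notes


if __name__ == "__main__":
    settings, errors = parse_config(PAGE_CONFIG)
    for message in errors + advise(settings):
        print(message)
```

Run against the config on this page, it reports both the capability requirement for port 22 and that LogLevel 0 leaves nothing about connections in the journal.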