Skip to content

Fake SSH server for confusing spammers, because we all know security through obscurity rocks.

License

Notifications You must be signed in to change notification settings

tylermenezes/FakeSSH

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

15 Commits
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

FakeSSH

FakeSSH is an SSH server which denies all login requests sent its way. It's the result of literally minutes of work.

Move your real SSH server to a different port, then run the FakeSSH server.

Why?

In a sense, FakeSSH is based on the idea that security through obscurity is kind of like adding a single bit to your security, the value of which is widely known. It might actually prevent a targeted attack by an unskilled attacker.

Mostly, though, I just like the idea that someone is wasting time trying to log into a server which will literally never let them in.

Requirements

  • python
  • paramiko

Use

  1. Create an RSA key using ssh_keygen. Save it to data/rsa.
  2. Copy data/config.sample.json to data/config.json
  3. Edit if desired.
  4. Run server.py with python.

If you're on Ubuntu, you could create an upstart script at /etc/init/fakessh.conf:

# fakessh
description "A fake SSH server"
author "Tyler Menezes <[email protected]>"
start on runlevel [2345]
stop on runlevel [016]
respawn
exec python /opt/fakessh/server.py

Graphing

If you enable logging, you can run python stats.py to get statistics about login attempts. --today will get you the count today, and --hist will produce a graph of the last week. (You can use them both together.)

About

Fake SSH server for confusing spammers, because we all know security through obscurity rocks.

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages