Low-interaction SSH honeypot written in Go.
Attackers will be able to log in, and send commands, but nothing is ever executed, just logged.
Generate SSH server private keys without passphrase:
ssh-keygen -f id_rsa -N "" -t rsaBuild:
go build .Run:
./goneypot -key id_rsa -addr 0.0.0.0 -port 2222Test:
ssh -p 2222 user@localhostBy default, goneypot accept any combinaison of username/password.
Login credentials can be added to restrict the username/password that can log in:
-
create a file with
username:passwordin it:echo "foo:foo" > creds
-
start goneypot with the
-creds-fileflag:goneypot -creds-file creds
goneypot supports Prometheus, to enable it use flag -enable-prometheus:
goneypot -enable-prometheus -prom-port 9001 -prom-addr localhostAn AppArmor profile can be found in ./extras/apparmor/.
Goneypot can be started in a systemd service, you can find examples in ./extras/systemd/.
First create a user and a group goneypot, then run:
go build -o /usr/bin/goneypot .
cp ./extras/systemd/goneypot{*.socket,.service} /etc/systemd/system/
cp ./extras/systemd/goneypotpre.sh /usr/bin/goneypotpre
systemctl daemon-reload
systemctl status goneypot.serviceNote
By default goneypot (via systemd) will listen on port 22, this can be changed in /etc/systemd/system/goneypot.socket.
Note
Goneypot configuration can be changed in /etc/systemd/system/goneypot.service.
- add connections timeout
- add receive limits
goneypot is licensed under MIT.