is a good idea to run a ssh honeypot?
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Hi, I been running a relay for almost 1,5 year, and in the beginning I didn't change the default 22 ssh port but a lot of people were trying to login , no worries I only allow public key authentication. So I was wondering if I could record the attacks, so I find this https://haas.nic.cz/ service and I'm running on my relay, is it a good idea? Thanks Sent with ProtonMail Secure Email. -----BEGIN PGP SIGNATURE----- Version: ProtonMail Comment: https://protonmail.com wsBcBAEBCAAGBQJcqlUBAAoJEO6drAP5JZWbZ30H/i5UlyLceKIKB1osoA16 W0x2YZWoLw8Lvifxt0ijwQSLdzU5H1CTXxHoQJLpygESdGJMbBYiOGirRnWR nnlHqnbHHwUbZDUsxUBZTBrutwVaXXmswYyfrgZvJo17ocSaT2goaPJ0F9oK JHpzDegTOIE6hbwUI3BnDLI6u7/gCE1ZvgrzSbIvXebZ8XKC67j0AwhKMX0Q zUjLpXQ2eq5XLKPlOnXUc/i6xYCIoNjoBRSHX95hd2N4zy7xuZ3UhrVn0ZBi 7ZRjo77h7BeRsB3F9bA61DfgN9pM+J+R9sPU3qYClXPB/cOJmyVqVFtcT7NK 0Tz+mfbFNI8KfhN9ZHMS16Q= =FsLz -----END PGP SIGNATURE-----
On 04/07/2019 12:52 PM, caioau wrote:
Hi, I been running a relay for almost 1,5 year, and in the beginning I didn't change the default 22 ssh port but a lot of people were trying to login , no worries I only allow public key authentication.
So I was wondering if I could record the attacks, so I find this https://haas.nic.cz/ service and I'm running on my relay, is it a good idea?
Thanks
Sent with ProtonMail Secure Email.
There's also endlessh: | Endlessh is an "SSH tarpit that very slowly sends an endless, | random SSH banner. It keeps SSH clients locked up for hours or | even days at a time. The purpose is to put your real SSH server | on another port and then let the script kiddies get stuck in | this tarpit instead of bothering a real server. https://github.com/skeeto/endlessh
participants (2)
-
caioau -
Mirimir