[tor-relays] is a good idea to run a ssh honeypot?

Mirimir mirimir at riseup.net
Sun Apr 7 21:06:01 UTC 2019


On 04/07/2019 12:52 PM, caioau wrote:
> Hi, I been running a relay for almost 1,5 year, and in the beginning I didn't change the default 22 ssh port but a lot of people were trying to login , no worries I only allow public key authentication.
> 
> So I was wondering if I could record the attacks, so I find this https://haas.nic.cz/ service and I'm running on my relay, is it a good idea?
> 
> Thanks
> 
> Sent with ProtonMail Secure Email.

There's also endlessh:

| Endlessh is an "SSH tarpit that very slowly sends an endless,
| random SSH banner. It keeps SSH clients locked up for hours or
| even days at a time. The purpose is to put your real SSH server
| on another port and then let the script kiddies get stuck in
| this tarpit instead of bothering a real server.

https://github.com/skeeto/endlessh


More information about the tor-relays mailing list