Stop SSH bruteforce with endlessh

Endlessh is an open source SSH trapit. It send slow random banner string to attacker, wasting their time.

Before you install endlessh, you need to change your SSH port to a higher non default port. To do this edit

vi /etc/ssh/sshd_config

1	vi /etc/ssh/sshd_config

Find

Port 22

Port 22

Replace with

Port YOUR_NEW_PORT_HERE

1	Port YOUR_NEW_PORT_HERE

If the line is commented with #, uncomment it.

Now you can install endlessh with

cd /usr/local/src
git clone https://github.com/skeeto/endlessh
cd /usr/local/src/endlessh
make
cp endlessh /usr/local/bin
cp /usr/local/src/endlessh/util/endlessh.service /etc/systemd/system/

cd /usr/local/src

git clone https://github.com/skeeto/endlessh

cd /usr/local/src/endlessh

make

cp endlessh /usr/local/bin

cp /usr/local/src/endlessh/util/endlessh.service /etc/systemd/system/

By default endlessh run on port 2222. To change it to port 22, edit file

vi /etc/systemd/system/endlessh.service

1	vi /etc/systemd/system/endlessh.service

Find

#AmbientCapabilities=CAP_NET_BIND_SERVICE

1	#AmbientCapabilities=CAP_NET_BIND_SERVICE

Replace with

AmbientCapabilities=CAP_NET_BIND_SERVICE

1	AmbientCapabilities=CAP_NET_BIND_SERVICE

Find

PrivateUsers=true

1	PrivateUsers=true

Replace with

#PrivateUsers=true

1	#PrivateUsers=true

Run

setcap 'cap_net_bind_service=+ep' /usr/local/bin/endlessh

1	setcap 'cap_net_bind_service=+ep' /usr/local/bin/endlessh

Create endlessh configuration file

vi /etc/endlessh/config

1	vi /etc/endlessh/config

Add following content

Port 22
Delay 10000
MaxLineLength 32
MaxClients 4096
LogLevel 0
BindFamily 0

Port 22

Delay 10000

MaxLineLength 32

MaxClients 4096

LogLevel 0

BindFamily 0

If you need to enable log, set LogLevel to 1.

Enable and restart endlessh

systemctl enable endlessh
systemctl start endlessh

1 2	systemctl enable endlessh systemctl start endlessh

Leave a Reply Cancel reply