Endlessh is an open source SSH trapit. It send slow random banner string to attacker, wasting their time.
Before you install endlessh, you need to change your SSH port to a higher non default port. To do this edit
vi /etc/ssh/sshd_config
Find
Port 22
Replace with
Port YOUR_NEW_PORT_HERE
If the line is commented with #, uncomment it.
Now you can install endlessh with
cd /usr/local/src git clone https://github.com/skeeto/endlessh cd /usr/local/src/endlessh make cp endlessh /usr/local/bin cp /usr/local/src/endlessh/util/endlessh.service /etc/systemd/system/
By default endlessh run on port 2222. To change it to port 22, edit file
vi /etc/systemd/system/endlessh.service
Find
#AmbientCapabilities=CAP_NET_BIND_SERVICE
Replace with
AmbientCapabilities=CAP_NET_BIND_SERVICE
Find
PrivateUsers=true
Replace with
#PrivateUsers=true
Run
setcap 'cap_net_bind_service=+ep' /usr/local/bin/endlessh
Create endlessh configuration file
vi /etc/endlessh/config
Add following content
Port 22 Delay 10000 MaxLineLength 32 MaxClients 4096 LogLevel 0 BindFamily 0
If you need to enable log, set LogLevel to 1.
Enable and restart endlessh
systemctl enable endlessh systemctl start endlessh
Leave a Reply