Stop SSH bruteforce with endlessh
Endlessh is an open source SSH tarpit. Instead of speaking SSH, it sends an endless banner of random lines to whatever connects, very slowly, so automated bruteforce clients sit waiting for a handshake that never comes and waste their time and connection slots.
Before you install endlessh, move your real SSH server off port 22 to a higher, non-default port, so that endlessh can take over port 22 later. Keep your current session open until you have confirmed that the new port works. Edit the sshd configuration:

    vi /etc/ssh/sshd_config

Find

    Port 22

and replace it with

    Port YOUR_NEW_PORT_HERE

If the line is commented out with #, uncomment it. Before restarting sshd, allow the new port in your firewall (on SELinux systems also label it for sshd with semanage port -a -t ssh_port_t -p tcp YOUR_NEW_PORT_HERE), check that the file still parses with sshd -t, then restart sshd and confirm from a second terminal that you can log in on the new port.
Now build and install endlessh from source (you need git, make and a C compiler installed):

    cd /usr/local/src
    git clone https://github.com/skeeto/endlessh
    cd /usr/local/src/endlessh
    make
    cp endlessh /usr/local/bin
    cp /usr/local/src/endlessh/util/endlessh.service /etc/systemd/system/
By default endlessh listens on port 2222. Port 22 is a privileged port (below 1024), and the shipped unit runs the daemon as an unprivileged dynamic user, so the unit has to grant it the capability to bind low ports. Edit the unit file:

    vi /etc/systemd/system/endlessh.service

Find

    #AmbientCapabilities=CAP_NET_BIND_SERVICE

and replace it with

    AmbientCapabilities=CAP_NET_BIND_SERVICE

Find

    PrivateUsers=true

and replace it with

    #PrivateUsers=true

PrivateUsers has to go because ambient capabilities are not honoured inside the private user namespace it creates. The binary itself also needs the capability, so run

    setcap 'cap_net_bind_service=+ep' /usr/local/bin/endlessh
Create the endlessh configuration file (create the /etc/endlessh directory first if it does not exist yet):

    vi /etc/endlessh/config

Add the following content:

    Port 22
    Delay 10000
    MaxLineLength 32
    MaxClients 4096
    LogLevel 0
    BindFamily 0

Port is where the tarpit listens. Delay is the pause, in milliseconds, between banner lines sent to each client (10 seconds here). MaxLineLength caps the length of each random line, MaxClients caps the number of clients held at once, and BindFamily 0 listens on both IPv4 and IPv6 (use 4 or 6 to restrict it). LogLevel 0 disables logging; set it to 1 to log each connection, including how long it was held and how many bytes were sent, or 2 for debug output.
Enable and start endlessh. Run systemctl daemon-reload first so systemd picks up the edited unit, and make sure sshd has really been restarted on its new port, otherwise endlessh cannot bind port 22 and the service fails to start.

    systemctl enable endlessh
    systemctl start endlessh

Afterwards check with ss -ltnp that endlessh owns port 22 and sshd owns your new port.
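To see why the tarpit works and to verify the setup above, here is an added example (written for this post, not code from the Endlessh project): a toy tarpit that reproduces Endlessh's trick, and a probe that tells you which kind of daemon answers on a port. RFC 4253 allows an SSH server to send arbitrary lines before its "SSH-2.0-..." version string, and clients must read them, so random lines that never reach the version string keep the client waiting. The host, port and timing values below are assumptions for the demo.

```python
"""Toy SSH tarpit in the style of Endlessh, plus a probe for a port.

Added example, not code from the Endlessh project. The probe reports
whether a port answers with a real version string (sshd), with junk
lines (a tarpit), or with nothing within the probe window.
"""
import random
import socket
import threading
import time

MAX_LINE_LENGTH = 32   # same meaning as MaxLineLength in the config
DELAY_SECONDS = 10.0   # Delay 10000 (milliseconds) in the config


def random_banner_line(rng, max_len=MAX_LINE_LENGTH):
    """One bogus banner line: printable ASCII, CRLF-terminated, 3..max_len
    bytes in total, never starting with "SSH-" (that would look like a
    version string and end the client's wait)."""
    total = 3 + rng.randrange(max_len - 2)
    body = bytes(32 + rng.randrange(95) for _ in range(total - 2))
    if body.startswith(b"SSH-"):
        body = b"X" + body[1:]
    return body + b"\r\n"


def _tarpit_connection(conn, delay, rng):
    """Feed one client a line every `delay` seconds until it gives up."""
    try:
        while True:
            time.sleep(delay)
            conn.sendall(random_banner_line(rng))
    except OSError:
        pass                        # client disconnected
    finally:
        conn.close()


def serve_tarpit(host="127.0.0.1", port=0, delay=DELAY_SECONDS, seed=None):
    """Start the tarpit in daemon threads. Returns (listening socket, port);
    close the socket to stop accepting. Port 0 picks a free port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, port))
    srv.listen()
    rng = random.Random(seed)       # seed only for reproducible demos

    def accept_loop():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return              # listening socket was closed
            threading.Thread(target=_tarpit_connection,
                             args=(conn, delay, rng), daemon=True).start()

    threading.Thread(target=accept_loop, daemon=True).start()
    return srv, srv.getsockname()[1]


def probe(host, port, seconds):
    """Connect and read for `seconds`; return the complete lines received."""
    buf = b""
    deadline = time.monotonic() + seconds
    with socket.create_connection((host, port), timeout=seconds) as s:
        s.settimeout(0.1)
        while time.monotonic() < deadline:
            try:
                chunk = s.recv(4096)
            except socket.timeout:
                continue
            if not chunk:
                break               # server closed the connection
            buf += chunk
    return buf.split(b"\r\n")[:-1]  # drop the trailing partial line


def classify(lines):
    """'ssh' if a version string arrived, 'tarpit' if only junk lines did,
    'silent' if nothing complete arrived in the probe window."""
    if not lines:
        return "silent"
    if any(line.startswith(b"SSH-") for line in lines):
        return "ssh"
    return "tarpit"


if __name__ == "__main__":
    import sys
    if len(sys.argv) == 3:          # usage: python3 tarpit_probe.py HOST PORT
        lines = probe(sys.argv[1], int(sys.argv[2]), seconds=15.0)
    else:                           # no arguments: demo against the toy tarpit
        srv, port = serve_tarpit(delay=0.2, seed=1)
        lines = probe("127.0.0.1", port, seconds=1.0)
        srv.close()
    print(classify(lines), "-", len(lines), "complete line(s) received")
    for line in lines[:5]:
        print("  ", line)
```

Run it with no arguments to watch the toy tarpit feed junk lines to the probe, or point it at your own host and port 22 after the setup above: with Delay 10000 the first line only arrives after 10 seconds, which is why the probe window for a real host is 15 seconds. Probing your new sshd port instead should report "ssh" on the first line.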