Tag: attack

  • Stop SSH bruteforce with endlessh

    Endlessh is an open source SSH trapit. It send slow random banner string to attacker, wasting their time.

    Before you install endlessh, you need to change your SSH port to a higher non default port. To do this edit

    vi /etc/ssh/sshd_config
    

    Find

    Port 22
    

    Replace with

    Port YOUR_NEW_PORT_HERE
    

    If the line is commented with #, uncomment it.

    Now you can install endlessh with

    cd /usr/local/src
    git clone https://github.com/skeeto/endlessh
    cd /usr/local/src/endlessh
    make
    cp endlessh /usr/local/bin
    cp /usr/local/src/endlessh/util/endlessh.service /etc/systemd/system/
    

    By default endlessh run on port 2222. To change it to port 22, edit file

    vi /etc/systemd/system/endlessh.service
    

    Find

    #AmbientCapabilities=CAP_NET_BIND_SERVICE
    

    Replace with

    AmbientCapabilities=CAP_NET_BIND_SERVICE
    

    Find

    PrivateUsers=true
    

    Replace with

    #PrivateUsers=true
    

    Run

    setcap 'cap_net_bind_service=+ep' /usr/local/bin/endlessh
    

    Create endlessh configuration file

    vi /etc/endlessh/config
    

    Add following content

    Port 22
    Delay 10000
    MaxLineLength 32
    MaxClients 4096
    LogLevel 0
    BindFamily 0
    

    If you need to enable log, set LogLevel to 1.

    Enable and restart endlessh

    systemctl enable endlessh
    systemctl start endlessh