Initial commit
commit
fd6c0022d0
|
@ -0,0 +1,3 @@
|
|||
.dockerignore
|
||||
Dockerfile
|
||||
docker-compose.yaml
|
|
@ -0,0 +1,15 @@
|
|||
FROM golang:1.21.5 AS builder
|
||||
|
||||
WORKDIR /app
|
||||
|
||||
COPY . .
|
||||
|
||||
RUN CGO_ENABLED=0 GOOS=linux go build -a -installsuffix cgo -o ssh-honeypot .
|
||||
|
||||
FROM alpine:latest
|
||||
|
||||
WORKDIR /app
|
||||
|
||||
COPY --from=builder /app/ssh-honeypot .
|
||||
|
||||
ENTRYPOINT ["./ssh-honeypot"]
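Review bot: The runtime stage never sets a `USER`, so the process that parses hostile SSH traffic runs as root inside the container; add an unprivileged account in the alpine stage (`RUN adduser -D -H honeypot` followed by `USER honeypot`) before `ENTRYPOINT`. If binding port 22 fails for that user, the program can listen on a high port instead and the compose port mapping can absorb the change. `FROM alpine:latest` is also a floating tag, so two builds of this commit can produce different images; pinning a release tag or a digest makes the image reproducible and auditable.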
|
|
@ -0,0 +1,5 @@
|
|||
services:
|
||||
ssh-honeypot:
|
||||
build: .
|
||||
ports:
|
||||
- "2222:22"
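Review bot: The `ssh-honeypot` service runs with Docker's default capability set, a writable root filesystem and unbounded logs, although its whole purpose is to receive hostile traffic. I would add `read_only: true`, `cap_drop: [ALL]` and `security_opt: ["no-new-privileges:true"]`, re-adding `NET_BIND_SERVICE` through `cap_add` only if the bind to port 22 then fails. Because every login attempt is written to the container's output, a `logging:` block with `max-size` and `max-file` options would keep a brute-force flood from filling the host disk.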
|
|
@ -0,0 +1,7 @@
|
|||
module ssh-honeypot
|
||||
|
||||
go 1.21.5
|
||||
|
||||
require golang.org/x/crypto v0.17.0
|
||||
|
||||
require golang.org/x/sys v0.15.0
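Review bot: `require golang.org/x/sys v0.15.0` is declared as a direct dependency without an `// indirect` marker, although the Go source added in this commit imports only `golang.org/x/crypto/ssh`; running `go mod tidy` would mark it and keep the checksum file in step. Since the ssh package of x/crypto is the entire network-facing surface of this program, it is worth running `govulncheck ./...` in the build so the pinned v0.17.0 is flagged once it falls behind a security release.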
|
|
@ -0,0 +1,6 @@
|
|||
golang.org/x/crypto v0.17.0 h1:r8bRNjWL3GshPW3gkd+RpvzWrZAwPS49OmTGZ/uhM4k=
|
||||
golang.org/x/crypto v0.17.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4=
|
||||
golang.org/x/sys v0.15.0 h1:h48lPFYpsTvQJZF4EKyI4aLHaev3CxivZmv7yZig9pc=
|
||||
golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
|
||||
golang.org/x/term v0.15.0 h1:y/Oo/a/q3IXu26lQgl04j/gjuBDOBlx7X6Om1j2CPW4=
|
||||
golang.org/x/term v0.15.0/go.mod h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0=
|
|
@ -0,0 +1,81 @@
|
|||
package main
|
||||
|
||||
import (
|
||||
"crypto/rand"
|
||||
"crypto/rsa"
|
||||
"crypto/x509"
|
||||
"encoding/pem"
|
||||
"fmt"
|
||||
"log"
|
||||
"net"
|
||||
"strconv"
|
||||
"time"
|
||||
|
||||
"golang.org/x/crypto/ssh"
|
||||
)
|
||||
|
||||
func main() {
|
||||
|
||||
port := 22
|
||||
|
||||
key, err := generateKeyPair()
|
||||
if err != nil {
|
||||
log.Fatalf("Failed to generate key pair: %v", err)
|
||||
}
|
||||
|
||||
config := &ssh.ServerConfig{
|
||||
PasswordCallback: func(c ssh.ConnMetadata, pass []byte) (*ssh.Permissions, error) {
|
||||
ip, _, err := net.SplitHostPort(c.RemoteAddr().String())
|
||||
if err != nil {
|
||||
ip = c.RemoteAddr().String()
|
||||
}
|
||||
log.Printf("[%s] \"honeypot connection attempt: ssh - %s - %s - %s\"\n", time.Now().Format("2006-01-02 15:04:05.000"), ip, c.User(), string(pass))
|
||||
return nil, fmt.Errorf("password rejected for %q", c.User())
|
||||
},
|
||||
}
|
||||
|
||||
config.AddHostKey(key)
|
||||
|
||||
// Listen on port 22
|
||||
listener, err := net.Listen("tcp", "0.0.0.0:"+strconv.Itoa(port))
|
||||
if err != nil {
|
||||
log.Fatalf("Failed to listen on port %d: %v", port, err)
|
||||
}
|
||||
log.Printf("Listening on port %d...", port)
|
||||
|
||||
for {
|
||||
conn, err := listener.Accept()
|
||||
if err != nil {
|
||||
log.Printf("Failed to accept incoming connection: %s", err)
|
||||
continue
|
||||
}
|
||||
|
||||
go handleConn(conn, config)
|
||||
}
|
||||
}
|
||||
|
||||
func generateKeyPair() (ssh.Signer, error) {
|
||||
// Generate a new RSA private key
|
||||
privateKey, err := rsa.GenerateKey(rand.Reader, 2048)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
// Encode the private key to PEM format
|
||||
privateKeyPEM := pem.EncodeToMemory(&pem.Block{
|
||||
Type: "RSA PRIVATE KEY",
|
||||
Bytes: x509.MarshalPKCS1PrivateKey(privateKey),
|
||||
})
|
||||
|
||||
// Parse the PEM encoded private key to get an ssh.Signer
|
||||
signer, err := ssh.ParsePrivateKey(privateKeyPEM)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
return signer, nil
|
||||
}
|
||||
|
||||
func handleConn(c net.Conn, config *ssh.ServerConfig) {
|
||||
ssh.NewServerConn(c, config)
|
||||
}
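Review bot: `handleConn` discards everything `ssh.NewServerConn` returns and sets no deadline, so a client that opens the TCP connection and then stalls the handshake holds a goroutine and a file descriptor indefinitely, which lets an exposed listener be exhausted cheaply. I would set a deadline before the handshake, close the connection on return and handle the error, as in the fence below. Separately, the `log.Printf` in `PasswordCallback` formats `c.User()` and `string(pass)` with `%s`; both are attacker-controlled and can carry newlines or control characters that forge log entries, so `%q` is the safer verb for those two fields (check whatever parses this line before changing its format). The resulting log holds plaintext passwords and should be access-restricted accordingly.

```go
// … unchanged: main, generateKeyPair …

func handleConn(c net.Conn, config *ssh.ServerConfig) {
	defer c.Close()

	// Bound the whole handshake so a silent client cannot pin a goroutine and fd.
	if err := c.SetDeadline(time.Now().Add(30 * time.Second)); err != nil {
		return
	}

	// Every password is rejected, so an error here is the expected outcome.
	if _, _, _, err := ssh.NewServerConn(c, config); err != nil {
		return
	}
}
```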
|