OpenSSH Honeypot

This is a high interaction SSH honeypot based on OpenSSH. This honeypot will record the authentication informationm, requested environment and ssh transportation content in json format which can be easily imported to other analysis tools or databases.

Demo

How to build

Build commands in Ubuntu 20.04:

apt install gcc make autoconf libssl-dev zlib1g zlib1g-dev -y
git clone https://github.com/onlyvae/openssh-portable
cd openssh-portable
autoreconf
./configure
make

Note: if you are using Ubuntu 22.04, then you need to build the openssl 1.1 manually. Because in Ubuntu 22.04 the default version of libssl-dev is 3.0.

Data format

Json log file saved at /var/log/ssh.log. It contains following 9 fields:

Field	Note
`session`	Identify each SSH connection
`timestamp`	Timestamp
`src_ip`	Source IP
`src_port`	Source Port
`dst_ip`	Destination IP
`dst_port`	Destination Port
`comment`	Data comment. It can be "Client Version", "Password Authentication", Channel Data...
`channel`	SSH Channel ID
`payload`	Base64 encoded data, because there might be binary data

If you want to view the base64 decoded data in the terminal, you can base64 decode the payload field by jq. Eg:

cat /var/log/ssh.log|jq ". + {data: .payload|@base64d}

{
  "session": "b6f67c09625a533887c8620a143e7a270",
  "timestamp": "2023-07-13T03:34:36.896119",
  "src_ip": "192.168.88.1",
  "src_port": 62303,
  "dst_ip": "192.168.88.151",
  "dst_port": 2222,
  "comment": "Client Version",
  "channel": "-1",
  "payload": "U1NILTIuMC1PcGVuU1NIXzkuMA==",
  "data": "SSH-2.0-OpenSSH_9.0"
}
{
  "session": "b6f67c09625a533887c8620a143e7a270",
  "timestamp": "2023-07-13T03:34:46.457735",
  "src_ip": "192.168.88.1",
  "src_port": 62303,
  "dst_ip": "192.168.88.151",
  "dst_port": 2222,
  "comment": "Password Authentication",
  "channel": "-1",
  "payload": "cm9vdDoxMjM0NTY3OA==",
  "data": "root:12345678"
}
{
  "session": "b6f67c09625a533887c8620a143e7a270",
  "timestamp": "2023-07-13T03:34:50.063823",
  "src_ip": "192.168.88.1",
  "src_port": 62303,
  "dst_ip": "192.168.88.151",
  "dst_port": 2222,
  "comment": "Channel Request: exec",
  "channel": "0",
  "payload": "aWQ=",
  "data": "id"
}
{
  "session": "b6f67c09625a533887c8620a143e7a270",
  "timestamp": "2023-07-13T03:34:50.069398",
  "src_ip": "192.168.88.151",
  "src_port": 2222,
  "dst_ip": "192.168.88.1",
  "dst_port": 62303,
  "comment": "Channel Data: server [session]",
  "channel": "0",
  "payload": "dWlkPTAocm9vdCkgZ2lkPTAocm9vdCkgZ3JvdXBzPTAocm9vdCkK",
  "data": "uid=0(root) gid=0(root) groups=0(root)\n"
}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

OpenSSH Honeypot

Demo

How to build

Data format

About

Releases

Packages

Languages

Name		Name	Last commit message	Last commit date
Latest commit onlyvae OpenSSH Honeypot Jul 13, 2023 d47c354 · Jul 13, 2023 History 12,222 Commits
.github		.github
contrib		contrib
m4		m4
openbsd-compat		openbsd-compat
regress		regress
.depend		.depend
.git_allowed_signers		.git_allowed_signers
.git_allowed_signers.asc		.git_allowed_signers.asc
.gitignore		.gitignore
.skipped-commit-ids		.skipped-commit-ids
CREDITS		CREDITS
INSTALL		INSTALL
LICENCE		LICENCE
Makefile.in		Makefile.in
OVERVIEW		OVERVIEW
PROTOCOL		PROTOCOL
PROTOCOL.agent		PROTOCOL.agent
PROTOCOL.certkeys		PROTOCOL.certkeys
PROTOCOL.chacha20poly1305		PROTOCOL.chacha20poly1305
PROTOCOL.key		PROTOCOL.key
PROTOCOL.krl		PROTOCOL.krl
PROTOCOL.mux		PROTOCOL.mux
PROTOCOL.sshsig		PROTOCOL.sshsig
PROTOCOL.u2f		PROTOCOL.u2f
README		README
README.dns		README.dns
README.md		README.md
README.platform		README.platform
README.privsep		README.privsep
README.tun		README.tun
SECURITY.md		SECURITY.md
TODO		TODO
addr.c		addr.c
addr.h		addr.h
addrmatch.c		addrmatch.c
atomicio.c		atomicio.c
atomicio.h		atomicio.h
audit-bsm.c		audit-bsm.c
audit-linux.c		audit-linux.c
audit.c		audit.c
audit.h		audit.h
auth-bsdauth.c		auth-bsdauth.c
auth-krb5.c		auth-krb5.c
auth-options.c		auth-options.c
auth-options.h		auth-options.h
auth-pam.c		auth-pam.c
auth-pam.h		auth-pam.h
auth-passwd.c		auth-passwd.c
auth-rhosts.c		auth-rhosts.c
auth-shadow.c		auth-shadow.c
auth-sia.c		auth-sia.c
auth-sia.h		auth-sia.h
auth.c		auth.c
auth.h		auth.h
auth2-chall.c		auth2-chall.c
auth2-gss.c		auth2-gss.c
auth2-hostbased.c		auth2-hostbased.c
auth2-kbdint.c		auth2-kbdint.c
auth2-none.c		auth2-none.c
auth2-passwd.c		auth2-passwd.c
auth2-pubkey.c		auth2-pubkey.c
auth2-pubkeyfile.c		auth2-pubkeyfile.c
auth2.c		auth2.c
authfd.c		authfd.c
authfd.h		authfd.h
authfile.c		authfile.c
authfile.h		authfile.h
bitmap.c		bitmap.c
bitmap.h		bitmap.h
buildpkg.sh.in		buildpkg.sh.in
canohost.c		canohost.c
canohost.h		canohost.h
chacha.c		chacha.c
chacha.h		chacha.h
channels.c		channels.c
channels.h		channels.h
cipher-aes.c		cipher-aes.c
cipher-aesctr.c		cipher-aesctr.c
cipher-aesctr.h		cipher-aesctr.h
cipher-chachapoly-libcrypto.c		cipher-chachapoly-libcrypto.c
cipher-chachapoly.c		cipher-chachapoly.c
cipher-chachapoly.h		cipher-chachapoly.h
cipher.c		cipher.c
cipher.h		cipher.h
cleanup.c		cleanup.c
clientloop.c		clientloop.c
clientloop.h		clientloop.h
compat.c		compat.c
compat.h		compat.h
config.guess		config.guess
config.sub		config.sub
configure.ac		configure.ac
crypto_api.h		crypto_api.h
defines.h		defines.h
demo.gif		demo.gif
dh.c		dh.c
dh.h		dh.h
digest-libc.c		digest-libc.c
digest-openssl.c		digest-openssl.c
digest.h		digest.h
dispatch.c		dispatch.c
dispatch.h		dispatch.h
dns.c		dns.c
dns.h		dns.h
ed25519.c		ed25519.c
ed25519.sh		ed25519.sh
entropy.c		entropy.c
entropy.h		entropy.h
fatal.c		fatal.c
fixalgorithms		fixalgorithms
fixpaths		fixpaths
groupaccess.c		groupaccess.c
groupaccess.h		groupaccess.h
gss-genr.c		gss-genr.c
gss-serv-krb5.c		gss-serv-krb5.c
gss-serv.c		gss-serv.c
hash.c		hash.c
hmac.c		hmac.c
hmac.h		hmac.h
hostfile.c		hostfile.c
hostfile.h		hostfile.h
includes.h		includes.h
install-sh		install-sh
kex.c		kex.c
kex.h		kex.h
kexc25519.c		kexc25519.c
kexdh.c		kexdh.c
kexecdh.c		kexecdh.c
kexgen.c		kexgen.c
kexgex.c		kexgex.c
kexgexc.c		kexgexc.c
kexgexs.c		kexgexs.c
kexsntrup761x25519.c		kexsntrup761x25519.c
krl.c		krl.c
krl.h		krl.h
log.c		log.c
log.h		log.h
loginrec.c		loginrec.c
loginrec.h		loginrec.h
logintest.c		logintest.c
mac.c		mac.c
mac.h		mac.h
match.c		match.c
match.h		match.h
mdoc2man.awk		mdoc2man.awk
misc.c		misc.c
misc.h		misc.h
mkinstalldirs		mkinstalldirs
moduli		moduli
moduli.5		moduli.5
moduli.c		moduli.c
monitor.c		monitor.c
monitor.h		monitor.h
monitor_fdpass.c		monitor_fdpass.c
monitor_fdpass.h		monitor_fdpass.h
monitor_wrap.c		monitor_wrap.c
monitor_wrap.h		monitor_wrap.h
msg.c		msg.c
msg.h		msg.h
mux.c		mux.c
myproposal.h		myproposal.h
nchan.c		nchan.c
nchan.ms		nchan.ms
nchan2.ms		nchan2.ms
openssh.xml.in		openssh.xml.in
opensshd.init.in		opensshd.init.in
packet.c		packet.c
packet.h		packet.h
pathnames.h		pathnames.h
pkcs11.h		pkcs11.h
platform-misc.c		platform-misc.c
platform-pledge.c		platform-pledge.c
platform-tracing.c		platform-tracing.c
platform.c		platform.c
platform.h		platform.h
poly1305.c		poly1305.c
poly1305.h		poly1305.h
progressmeter.c		progressmeter.c
progressmeter.h		progressmeter.h
readconf.c		readconf.c
readconf.h		readconf.h
readpass.c		readpass.c
rijndael.c		rijndael.c
rijndael.h		rijndael.h
sandbox-capsicum.c		sandbox-capsicum.c
sandbox-darwin.c		sandbox-darwin.c
sandbox-null.c		sandbox-null.c
sandbox-pledge.c		sandbox-pledge.c
sandbox-rlimit.c		sandbox-rlimit.c
sandbox-seccomp-filter.c		sandbox-seccomp-filter.c
sandbox-solaris.c		sandbox-solaris.c
sandbox-systrace.c		sandbox-systrace.c
scp.1		scp.1
scp.c		scp.c
servconf.c		servconf.c
servconf.h		servconf.h
serverloop.c		serverloop.c
serverloop.h		serverloop.h
session.c		session.c
session.h		session.h
sftp-client.c		sftp-client.c
sftp-client.h		sftp-client.h
sftp-common.c		sftp-common.c
sftp-common.h		sftp-common.h
sftp-glob.c		sftp-glob.c
sftp-realpath.c		sftp-realpath.c
sftp-server-main.c		sftp-server-main.c
sftp-server.8		sftp-server.8
sftp-server.c		sftp-server.c
sftp-usergroup.c		sftp-usergroup.c
sftp-usergroup.h		sftp-usergroup.h
sftp.1		sftp.1
sftp.c		sftp.c
sftp.h		sftp.h
sk-api.h		sk-api.h
sk-usbhid.c		sk-usbhid.c
smult_curve25519_ref.c		smult_curve25519_ref.c
sntrup761.c		sntrup761.c
sntrup761.sh		sntrup761.sh
srclimit.c		srclimit.c
srclimit.h		srclimit.h
ssh-add.1		ssh-add.1
ssh-add.c		ssh-add.c
ssh-agent.1		ssh-agent.1
ssh-agent.c		ssh-agent.c
ssh-dss.c		ssh-dss.c
ssh-ecdsa-sk.c		ssh-ecdsa-sk.c
ssh-ecdsa.c		ssh-ecdsa.c
ssh-ed25519-sk.c		ssh-ed25519-sk.c
ssh-ed25519.c		ssh-ed25519.c
ssh-gss.h		ssh-gss.h
ssh-keygen.1		ssh-keygen.1
ssh-keygen.c		ssh-keygen.c
ssh-keyscan.1		ssh-keyscan.1
ssh-keyscan.c		ssh-keyscan.c
ssh-keysign.8		ssh-keysign.8
ssh-keysign.c		ssh-keysign.c
ssh-pkcs11-client.c		ssh-pkcs11-client.c
ssh-pkcs11-helper.8		ssh-pkcs11-helper.8
ssh-pkcs11-helper.c		ssh-pkcs11-helper.c
ssh-pkcs11.c		ssh-pkcs11.c
ssh-pkcs11.h		ssh-pkcs11.h
ssh-rsa.c		ssh-rsa.c
ssh-sandbox.h		ssh-sandbox.h
ssh-sk-client.c		ssh-sk-client.c
ssh-sk-helper.8		ssh-sk-helper.8
ssh-sk-helper.c		ssh-sk-helper.c
ssh-sk.c		ssh-sk.c
ssh-sk.h		ssh-sk.h
ssh-xmss.c		ssh-xmss.c
ssh.1		ssh.1
ssh.c		ssh.c
ssh.h		ssh.h
ssh2.h		ssh2.h
ssh_api.c		ssh_api.c
ssh_api.h		ssh_api.h
ssh_config		ssh_config
ssh_config.5		ssh_config.5
sshbuf-getput-basic.c		sshbuf-getput-basic.c
sshbuf-getput-crypto.c		sshbuf-getput-crypto.c
sshbuf-io.c		sshbuf-io.c
sshbuf-misc.c		sshbuf-misc.c
sshbuf.c		sshbuf.c
sshbuf.h		sshbuf.h
sshconnect.c		sshconnect.c
sshconnect.h		sshconnect.h
sshconnect2.c		sshconnect2.c
sshd.8		sshd.8
sshd.c		sshd.c
sshd_config		sshd_config
sshd_config.5		sshd_config.5
ssherr.c		ssherr.c
ssherr.h		ssherr.h
sshkey-xmss.c		sshkey-xmss.c
sshkey-xmss.h		sshkey-xmss.h
sshkey.c		sshkey.c
sshkey.h		sshkey.h
sshlogin.c		sshlogin.c
sshlogin.h		sshlogin.h
sshpty.c		sshpty.c
sshpty.h		sshpty.h
sshsig.c		sshsig.c
sshsig.h		sshsig.h
sshtty.c		sshtty.c
survey.sh.in		survey.sh.in
ttymodes.c		ttymodes.c
ttymodes.h		ttymodes.h
uidswap.c		uidswap.c
uidswap.h		uidswap.h
umac.c		umac.c
umac.h		umac.h
umac128.c		umac128.c
utf8.c		utf8.c
utf8.h		utf8.h
version.h		version.h
xmalloc.c		xmalloc.c
xmalloc.h		xmalloc.h
xmss_commons.c		xmss_commons.c
xmss_commons.h		xmss_commons.h
xmss_fast.c		xmss_fast.c
xmss_fast.h		xmss_fast.h
xmss_hash.c		xmss_hash.c
xmss_hash.h		xmss_hash.h
xmss_hash_address.c		xmss_hash_address.c
xmss_hash_address.h		xmss_hash_address.h
xmss_wots.c		xmss_wots.c
xmss_wots.h		xmss_wots.h

License

onlyvae/openssh-portable

Folders and files

Latest commit

History

Repository files navigation

OpenSSH Honeypot

Demo

How to build

Data format

About

Resources

License

Security policy

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages