An ssh Tarpit with Endlessh

Endlessh is an ssh tarpit from https://github.com/skeeto/endlessh.
A detailed write-up from Chris Wellons is available at: https://nullprogram.com/

As described, Endlessh is an SSH tarpit that very slowly sends an endless, random SSH banner. It can keep SSH clients locked up for hours or even days at a time. The purpose is to put your real SSH server on another port and then let the script kiddies get stuck in this tarpit instead of bothering a real server.
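The mechanism described above, as a short Python illustration added here (it is not Endlessh's own code, which is written in C). The listen address, port 2222, the 10-second delay and the 32-byte line cap are assumed values chosen for the example.

```python
import asyncio
import random

MAX_LINE = 32        # assumed cap on line length, CRLF included
DELAY_SECONDS = 10   # assumed pause between banner lines


def banner_line(rng=random):
    """Return one random banner line ending in CRLF.

    RFC 4253 section 4.2 lets a server send lines before its version
    string provided they do not begin with "SSH-", so a client keeps
    reading and never reaches key exchange.
    """
    length = rng.randint(3, MAX_LINE - 2)
    while True:
        body = bytes(rng.randint(32, 126) for _ in range(length))
        if not body.startswith(b"SSH-"):
            return body + b"\r\n"


async def tarpit(reader, writer, delay=DELAY_SECONDS):
    """Drip banner lines to one client until it disconnects."""
    try:
        while True:
            await asyncio.sleep(delay)
            writer.write(banner_line())
            await writer.drain()
    except (ConnectionError, TimeoutError):
        pass  # the client gave up
    finally:
        writer.close()


async def serve(host="127.0.0.1", port=2222):
    """Accept clients on an unprivileged port; each gets its own task."""
    server = await asyncio.start_server(tarpit, host, port)
    async with server:
        await server.serve_forever()


if __name__ == "__main__":
    asyncio.run(serve())
```

Each trapped client costs the server only an idle task and a few bytes every delay interval, which is why one small process can hold many connections open.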

I prefer to run my ssh on an alternative port, primarily to keep logs clean from the unavoidable port scans and brute force efforts. These are easily dealt with by using a tool like Fail2ban (https://github.com/fail2ban/fail2ban/releases).

I was curious to see Endlessh in use on the standard ssh port (22) to see the volume of attempts and the success level of the tarpit. On a VPS running CentOS 7, I cloned the repository and quickly had the tarpit running.

$ git clone https://github.com/skeeto/endlessh.git
$ cd endlessh
$ make
$ ./endlessh -p 22 -v

The requests began rolling in immediately.

An impressive and yet simple to implement tarpit for ssh.

Note: Please review any code from GitHub or any other source prior to installation.
