Differences

This shows you the differences between two versions of the page.

en:howto:ssh_honeypot [2018/01/12 14:04]
vmyslivec [Installation] use English version of project.turris.cz link
en:howto:ssh_honeypot [2018/02/19 13:35] (current)
nkoranova
Line 6: Line 6:
 ==== Background ==== ==== Background ====
  
-SSH is **one of the most common protocols** in the world for securely connecting to other machines, which run an SSH server. An **SSH server is enabled on pretty much every home router** and often without the user’s awareness. Sometimes Telnet is enabled instead of the SSH server, which is much worse security-wisebecause it **sends and receives data in plaintext**.+SSH is **one of the most common protocols** in the world for securely connecting to other machines, which run an SSH server. An **SSH server is enabled on pretty much every home router** and often without the user’s awareness. Sometimes Telnet is enabled instead of the SSH server, which is much worse security-wise because it **sends and receives data in plaintext**.
  
 Because manufacturers very rarely update their firmware, the chances that you are running an outdated and vulnerable version of the SSH server are really high. From time to time news is released about new CVEs (Common Vulnerabilities and Exposures), such as #sambacry and #dirtycow. Most of the time, manufacturers don’t care if there is a security issue or even a back door and instead of trying to keep up an old device, the manufacturer will usually tell you to buy a new one. We want to change this with Turris Omnia. Because manufacturers very rarely update their firmware, the chances that you are running an outdated and vulnerable version of the SSH server are really high. From time to time news is released about new CVEs (Common Vulnerabilities and Exposures), such as #sambacry and #dirtycow. Most of the time, manufacturers don’t care if there is a security issue or even a back door and instead of trying to keep up an old device, the manufacturer will usually tell you to buy a new one. We want to change this with Turris Omnia.
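
Review bot: In the changed Background sentence, the comma in "other machines, which run an SSH server" still makes the clause read as an aside; "other machines that run an SSH server" says what is meant. In the unchanged paragraph after it, "#sambacry" and "#dirtycow" are hashtags rather than CVE identifiers, and they follow a sentence about outdated SSH servers, so the text should either give SSH-related examples or say that these illustrate unpatched firmware in general.
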
Line 15: Line 15:
  
   * From which IP address the attacker logged in   * From which IP address the attacker logged in
-  * Credentials he used to login+  * Credentials he used to log in
   * Attacker behavior   * Attacker behavior
   * The scripts, which the attacker ran in the honeypot   * The scripts, which the attacker ran in the honeypot
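
Review bot: The new item "Credentials he used to log in" is the only one in the list that says "he", while the neighbouring items say "the attacker"; "Credentials the attacker used to log in" would be consistent. The last item also keeps a stray comma: "The scripts, which the attacker ran in the honeypot" should read "The scripts that the attacker ran in the honeypot".
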
Line 46: Line 46:
 ===== Move the SSH server to a port for remote administration ===== ===== Move the SSH server to a port for remote administration =====
  
-If you use SSH for remote access to your router, you need to redirect port 22 to a different port, otherwise you will be connected to the honeypot. Changing the SSH port can be a simple protection against intrusion attempts. Don't forget to use a strong password or use a public key for logging in.  ​+If you use SSH for remote access to your router, you need to redirect port 22 to a different port, otherwiseyou will be connected to the honeypot. Changing the SSH port can be a simple protection against intrusion attempts. Don't forget to use a strong password or use a public key for logging in.  ​
  
 You just need to add port forwarding with the following settings: You just need to add port forwarding with the following settings:
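
Review bot: The added line introduces a typo in its first sentence: the space after the comma is lost, turning "otherwise you" into "otherwiseyou". Restore the space. The trailing whitespace at the end of the paragraph is also carried over unchanged and can be dropped in the same edit.
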
Line 57: Line 57:
  
 <WRAP center important 80%> <WRAP center important 80%>
-**If you don't fill out the port of your SSH connection, the default port (which is 22) will be used and you will be connected to the honeypot, which could record your password!** For this reason it is better to login with a public key.+**If you don't fill out the port of your SSH connection, the default port (which is 22) will be used and you will be connected to the honeypot, which could record your password!** For this reason it is better to log in with a public key.
 </​WRAP>​ </​WRAP>​
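
Review bot: In the warning box, "fill out the port of your SSH connection" does not tell the reader what to do; "specify the port when you connect" is more direct. Because the box states that the honeypot could record the password, the final sentence would be stronger as an instruction ("Log in with a public key") than as "it is better to log in with a public key".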