GNU bug report logs - #39136
[PATCH] gnu: services: Add endlessh.

Please note: This is a static page, with minimal formatting, updated once a day.
Click here to see this page with the latest information and nicer formatting.

Package: guix-patches; Reported by: anothersms@HIDDEN (Nicolò Balzarotti); Keywords: patch; dated Tue, 14 Jan 2020 21:22:01 UTC; Maintainer for guix-patches is guix-patches@HIDDEN.

From: anothersms@HIDDEN (Nicolò Balzarotti)
To: guix-patches@HIDDEN
Subject: [PATCH] gnu: services: Add endlessh.
Date: Tue, 14 Jan 2020 22:21:29 +0100
Message-ID: <874kwx91k6.fsf@HIDDEN>

Hello guix!

This is my first service :) I know I'm still missing documentation and tests,
but before diving into it I wanted some general feedback on it (so that if
we decide to change something I don't have to adjust the docs and the
tests twice).

Endlessh is already in the repo, but for those who don't know: it's a
fake ssh server; it should be used to prevent bruteforce attacks and the
like by "freezing" the connection on the standard port (while the real
ssh server is on another non-standard port).  So, I don't know if the
default port should be 22 or, as it is now, 2222 (program's default).

My second doubt is regarding the place; it's an ssh server, but its main
purpose is for security? Maybe it should go under admin.scm? I'm not sure.

Last thing: bind-family as a list of allowed values is a suggestion from
IRC @leoprikler. Thanks for your help there!

Waiting for your feedback,



From 63f975ec47de8ab951beaac6781327faf06d0cac Mon Sep 17 00:00:00 2001
From: nixo <nicolo@HIDDEN>
Date: Tue, 14 Jan 2020 22:08:15 +0100
Subject: [PATCH] gnu: services: Add endlessh.

* gnu/services/ssh.scm (endlessh): New variable.
 gnu/services/ssh.scm | 74 +++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 73 insertions(+), 1 deletion(-)

diff --git a/gnu/services/ssh.scm b/gnu/services/ssh.scm
index d2dbb8f80d..d2729fb059 100644
--- a/gnu/services/ssh.scm
+++ b/gnu/services/ssh.scm
@@ -45,7 +45,11 @@
-            dropbear-service))
+            dropbear-service
+            endlessh-configuration
+            endlessh-configuration?
+            endlessh-service-type))
 ;;; Commentary:
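
Review bot: the export list gains endlessh-configuration, endlessh-configuration? and endlessh-service-type, but none of the six field accessors defined by the record in the next hunk (endlessh-configuration-port-number and the others). If users or other services are expected to read those fields, export the accessors here as well.
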
@@ -628,4 +632,72 @@ daemon} with the given @var{config}, a @code{<dropbear-configuration>}
   (service dropbear-service-type config))
+;;; Endlessh.
+(define-record-type* <endlessh-configuration>
+  endlessh-configuration make-endlessh-configuration
+  endlessh-configuration?
+  ;; list of two symbols, allowed values are ipv4, ipv6 or both
+  (bind-family endlessh-configuration-bind-family (default '(ipv4 ipv6)))
+  ;; integer
+  (delay endlessh-configuration-delay (default 10000))
+  ;; integer
+  ;; Must be in the range
+  (length endlessh-configuration-length (default 32))
+  ;; integer
+  (max-clients endlessh-configuration-max-clients (default 4096))
+  ;; integer
+  (port-number endlessh-configuration-port-number (default 2222))
+  ;; integer
+  ;; Allowed values are 0, 1 and 2
+  (log-level endlessh-configuration-log-level (default 0)))
+(define (endlessh-config->conf config)
+  "Convert the CONFIG of type <endlessh-config> to a config file."
+  (let* ((family (endlessh-configuration-bind-family config))
+	 (ipv4 (member 'ipv4 family))
+	 (ipv6 (member 'ipv6 family))
+	 (port (endlessh-configuration-port-number config))
+	 (delay (endlessh-configuration-delay config))
+	 (length (endlessh-configuration-length config))
+	 (log-level (endlessh-configuration-log-level config))
+	 (max-clients (endlessh-configuration-max-clients config))
+	 (bind
+	  ;; check if both are true (0), or only one of them is present
+	  (if (not (and (equal? ipv4 ipv6) ipv4))
+	      (if ipv4 4
+		  (if ipv6 6
+		      (throw 'endlessh-error
+			     "bind-family must contain at least one value")))
+	      0)))
+    (mixed-text-file "endlessh.conf"
+		     "# Generated by 'endlessh-config'.\n\n"
+		     "Port " (number->string port) "\n"
+		     "Delay " (number->string delay) "\n"
+		     "MaxLineLength " (number->string length) "\n"
+		     "MaxClients " (number->string max-clients) "\n"
+		     "LogLevel " (number->string log-level) "\n"
+		     "BindFamily " (number->string bind) "\n")))
+(define (endlessh-shepherd-service config)
+  (shepherd-service
+   (documentation "Run endlessh tarpit server.")
+   (provision '(endlessh))
+   (start #~(make-forkexec-constructor
+	     (list #$(file-append endlessh "/bin/endlessh")
+		   "-f" #$(endlessh-config->conf config))))
+   (stop  #~(make-kill-destructor))))
+(define endlessh-service-type
+  (service-type
+   (name 'endlessh)
+   (description "Run endlessh tarpit server.")
+   (extensions
+    (list (service-extension shepherd-root-service-type
+                             (compose list endlessh-shepherd-service))))
+   (default-value (endlessh-configuration))))
 ;;; ssh.scm ends here
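
Review bot: the bind computation in endlessh-config->conf can never yield 0, so the default '(ipv4 ipv6) writes "BindFamily 4" and the tarpit listens on IPv4 only. member returns the tail of the list starting at the match, so ipv4 is '(ipv4 ipv6) and ipv6 is '(ipv6); the two can only be equal? when both are #f, which the trailing ipv4 test then rejects, and every other input falls through to (if ipv4 4 ...). Test the two values directly instead, for example (cond ((and ipv4 ipv6) 0) (ipv4 4) (ipv6 6) (else (throw ...))). Further points in the same hunk: make-forkexec-constructor is called without #:user or #:group, so this network-facing daemon runs with shepherd's own privileges (root for a system service) even though the default port 2222 needs none; a dedicated unprivileged account would limit the impact of a bug in the tarpit. The comment "Must be in the range" on the length field is cut off, and neither length nor log-level (commented as 0, 1 and 2) nor the symbols in bind-family are validated before being written to endlessh.conf. The docstring names <endlessh-config> while the record type is <endlessh-configuration>.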


Acknowledgement sent to anothersms@HIDDEN (Nicolò Balzarotti):
New bug report received and forwarded. Copy sent to guix-patches@HIDDEN. Full text available.
Report forwarded to guix-patches@HIDDEN:
bug#39136; Package guix-patches. Full text available.
Last modified: Tue, 14 Jan 2020 21:30:02 UTC
