Received: (at 39136) by debbugs.gnu.org; 1 Sep 2023 18:42:31 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Fri Sep 01 14:42:30 2023 Received: from localhost ([127.0.0.1]:33864 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1qc96E-0002jS-Ky for submit <at> debbugs.gnu.org; Fri, 01 Sep 2023 14:42:30 -0400 Received: from mx1.dismail.de ([78.46.223.134]:17188) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <jbranso@HIDDEN>) id 1qc96B-0002jC-Re for 39136 <at> debbugs.gnu.org; Fri, 01 Sep 2023 14:42:29 -0400 Received: from mx1.dismail.de (localhost [127.0.0.1]) by mx1.dismail.de (OpenSMTPD) with ESMTP id f80fdf19; Fri, 1 Sep 2023 20:42:11 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed; d=dismail.de; h= mime-version:date:content-type:content-transfer-encoding:from :message-id:subject:to:cc:in-reply-to:references; s=20190914; bh=h8xhtIFYPFS0cSElRFpwcxooaRLnc2j540NozqXI5vA=; b=E8zzAJS0Myh9 RXFMEfvhyCEAUO+3WNtUTqGSd48pZ6JFLkILOD6hPybhZ18ewISnr3W496tHr1DI CkOltbS0ltd3wabfRPdjU3rfILDqDP2FMlxk7RMmJRcpfgLA+hCU6SLzj+3MnBF3 IeiCp7/hsbVUHO03sP4/CdbLvbXaWUiD2+x9sbriEV09x/HuXXm4kJ8bdWI3CR7O 7vIwwQA8t/4VJb7PxfR5YupuHGM5zM1JecegmI/KJXmSsSS0y5dCuMdW9+RooENU LdiEsDDaQKBF/Dkf0zNEuj7IkGiw/K4/mvCngVPmpucjsWv74BgAKCLPSQdzuCFR p0mlL5xdug== Received: from smtp1.dismail.de (<unknown> [10.240.26.11]) by mx1.dismail.de (OpenSMTPD) with ESMTP id 44a12299; Fri, 1 Sep 2023 20:42:10 +0200 (CEST) Received: from smtp1.dismail.de (localhost [127.0.0.1]) by smtp1.dismail.de (OpenSMTPD) with ESMTP id 15de4efe; Fri, 1 Sep 2023 20:42:10 +0200 (CEST) Received: by dismail.de (OpenSMTPD) with ESMTPSA id eb95af2f (TLSv1.3:TLS_AES_256_GCM_SHA384:256:NO); Fri, 1 Sep 2023 20:42:10 +0200 (CEST) MIME-Version: 1.0 Date: Fri, 01 Sep 2023 18:42:09 +0000 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-Mailer: RainLoop/1.17.0 From: jbranso@HIDDEN Message-ID: <8e02c5bdc649f9d24708090e1217125e@HIDDEN> Subject: Re: bug#39136: [PATCH] gnu: services: Add endlessh. To: "Maxim Cournoyer" <maxim.cournoyer@HIDDEN> In-Reply-To: <875y4u7h69.fsf_-_@HIDDEN> References: <875y4u7h69.fsf_-_@HIDDEN> <874kwx91k6.fsf@HIDDEN> <87a6r39ksa.fsf@HIDDEN> <87h7l7kt9r.fsf_-_@HIDDEN> <87zgyv2fjd.fsf_-_@HIDDEN> <878s5ymb08.fsf_-_@HIDDEN> X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: 39136 Cc: Oleg Pykhalov <go.wigust@HIDDEN>, 39136 <at> debbugs.gnu.org X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: -1.7 (-) August 31, 2023 10:37 PM, "Maxim Cournoyer" <maxim.cournoyer@HIDDEN> w= rote: > Hello, >=20 >=20Joshua Branson <jbranso@HIDDEN> writes: >=20 >>=20Oleg Pykhalov <go.wigust@HIDDEN> writes: >>=20 >>>=20Hello, >>>=20 >>>=20I failed to test endlessh with "services: containerized endlessh" p= atch >>> in a virtual machine. Unfortunately at the moment I'm not familiar wi= th >>> =E2=80=98make-forkexec-constructor/container=E2=80=99 machinery, and = have no idea about >>> that causing the issue of boot hang. Failed VM config in attachment. >>>=20 >>>=20I succeeded to test without "services: containerized endlessh". If = wish >>> to fix a problem, ping me then you done. Otherwise I could push a >>> working version without containerization. >>=20 >>=20Oh, I suppose that I will try to get containerization working on thi= s >> service. I'd prefer to have it containerized, since it is running as >> root. >=20 >=20This was 2 years ago :-). Any update? If you are ok with a non-containerized endlessh, then I can submit a patc= h=20 adding=20that. Endlessh works on guix system, but I was not able to get the containerized version working. >=20 >=20-- > Thanks, > Maxim
guix-patches@HIDDEN:bug#39136; Package guix-patches.
Full text available.Maxim Cournoyer <maxim.cournoyer@HIDDEN>
to control <at> debbugs.gnu.org.
Full text available.Received: (at 39136) by debbugs.gnu.org; 1 Sep 2023 02:37:21 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Thu Aug 31 22:37:20 2023 Received: from localhost ([127.0.0.1]:59544 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1qbu2C-0003LL-K2 for submit <at> debbugs.gnu.org; Thu, 31 Aug 2023 22:37:20 -0400 Received: from mail-qv1-xf2d.google.com ([2607:f8b0:4864:20::f2d]:53741) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <maxim.cournoyer@HIDDEN>) id 1qbu2A-0003L6-RY for 39136 <at> debbugs.gnu.org; Thu, 31 Aug 2023 22:37:19 -0400 Received: by mail-qv1-xf2d.google.com with SMTP id 6a1803df08f44-64aaf3c16c2so8543316d6.3 for <39136 <at> debbugs.gnu.org>; Thu, 31 Aug 2023 19:37:09 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20221208; t=1693535824; x=1694140624; darn=debbugs.gnu.org; h=content-transfer-encoding:mime-version:user-agent:message-id :in-reply-to:date:references:subject:cc:to:from:from:to:cc:subject :date:message-id:reply-to; bh=u+D86msENzAWpfFA/SRLPIM/0lrkCccnXQzn4U8USiE=; b=eOJO1XjxPmk1fZiYa0j8QAB/6RLQB254BlC3owMUye4oEHPJ/BNvV046LRthuY9grk TMkAqNfXntGUWGS4JnBsGedDM3gycvcJedFGP9HBnnQb2FY5XYo+Bg2tv6r4UzsmP7fD jML3xecZ7pCRmfWVIEV03yvHmpAy0BhfYVQgoyhOGgS9TbxQMjzaZPM/pLL2dIy28c0I 2GJQ6sOPaDxyNaxrIZkhZX1ERjhk/mNFVpZybtCiJiEh7XIo4v6VVWzJCvBdK2MPdI6/ i65ajs6fOKLcQ+5F8uAfDrpdvn8tfsbpihRMAdJf9Q3qIU6Ib+YE3Sfgcd13ikdGidLI FL4w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1693535824; x=1694140624; h=content-transfer-encoding:mime-version:user-agent:message-id :in-reply-to:date:references:subject:cc:to:from:x-gm-message-state :from:to:cc:subject:date:message-id:reply-to; bh=u+D86msENzAWpfFA/SRLPIM/0lrkCccnXQzn4U8USiE=; b=ZAi66wSGTrGKpDAtsg0G8RloxPEe8YTmljCtS4tXFzmcS8uvu2SlW2PQjUzbyt8lOX enwDPJ+xemlg+ddTk6Aosimdni34HPblNttQal1GvK+qMDjD1+K4QsKv+nl99SYeXXUB MzfZBHyd1htTOjrRwC6I5gSnFphVn59RRTwB+gUyu2mLounixxwSa3fuNZP24g18SdTL WaiISWbsZBkfGcW2OkAzPS4CyMvLA+tvI5fMOXvc+A5RzOBVfZSkEruKRS6li3DSbXRr pIkTgmk+kNFImixDLDroPpFIEocFuiYa0A5yDaW5Owy3taaxYlvR41RZEkvfkpmG5Uvd Y1/w== X-Gm-Message-State: AOJu0Yz+eVZdvp7zX1VvP3c2Q52WC5+qbZwqHoEHq1F1VuNEVnxyouSj w//QpBw8djvQBZ8SnlndIggcv09tC90= X-Google-Smtp-Source: AGHT+IH95MoBmAVOB5m0oFSwxy5rqYePcaPlDxWfRVH7koIP1L2Vqs0W8CHSgU072TazOzLReKWdWA== X-Received: by 2002:a0c:e084:0:b0:649:af66:e828 with SMTP id l4-20020a0ce084000000b00649af66e828mr1070183qvk.45.1693535824279; Thu, 31 Aug 2023 19:37:04 -0700 (PDT) Received: from hurd (dsl-10-128-23.b2b2c.ca. [72.10.128.23]) by smtp.gmail.com with ESMTPSA id u12-20020a0cdd0c000000b0064f5d312babsm1096135qvk.46.2023.08.31.19.37.03 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 31 Aug 2023 19:37:03 -0700 (PDT) From: Maxim Cournoyer <maxim.cournoyer@HIDDEN> To: Joshua Branson <jbranso@HIDDEN> Subject: Re: bug#39136: [PATCH] gnu: services: Add endlessh. References: <874kwx91k6.fsf@HIDDEN> <87a6r39ksa.fsf@HIDDEN> <87h7l7kt9r.fsf_-_@HIDDEN> <87zgyv2fjd.fsf_-_@HIDDEN> <878s5ymb08.fsf_-_@HIDDEN> Date: Thu, 31 Aug 2023 22:37:02 -0400 In-Reply-To: <878s5ymb08.fsf_-_@HIDDEN> (Joshua Branson's message of "Sun, 04 Apr 2021 09:31:51 -0400") Message-ID: <875y4u7h69.fsf_-_@HIDDEN> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/28.2 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 39136 Cc: Oleg Pykhalov <go.wigust@HIDDEN>, 39136 <at> debbugs.gnu.org X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: -1.0 (-) Hello, Joshua Branson <jbranso@HIDDEN> writes: > Oleg Pykhalov <go.wigust@HIDDEN> writes: > >> Hello, >> >> I failed to test endlessh with "services: containerized endlessh" patch >> in a virtual machine. Unfortunately at the moment I'm not familiar with >> =E2=80=98make-forkexec-constructor/container=E2=80=99 machinery, and hav= e no idea about >> that causing the issue of boot hang. Failed VM config in attachment. >> >> >> >> >> I succeeded to test without "services: containerized endlessh". If wish >> to fix a problem, ping me then you done. Otherwise I could push a >> working version without containerization. > > Oh, I suppose that I will try to get containerization working on this > service. I'd prefer to have it containerized, since it is running as > root. This was 2 years ago :-). Any update? --=20 Thanks, Maxim
guix-patches@HIDDEN:bug#39136; Package guix-patches.
Full text available.
Received: (at 39136) by debbugs.gnu.org; 30 Sep 2022 17:08:55 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Fri Sep 30 13:08:55 2022
Received: from localhost ([127.0.0.1]:42828 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1oeJVO-00058Y-ES
for submit <at> debbugs.gnu.org; Fri, 30 Sep 2022 13:08:54 -0400
Received: from mx1.dismail.de ([78.46.223.134]:43699)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <jbranso@HIDDEN>) id 1oeJVM-00058E-4U
for 39136 <at> debbugs.gnu.org; Fri, 30 Sep 2022 13:08:52 -0400
Received: from mx1.dismail.de (localhost [127.0.0.1])
by mx1.dismail.de (OpenSMTPD) with ESMTP id b1bcbc06;
Fri, 30 Sep 2022 19:08:46 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed; d=dismail.de; h=from:to:cc
:subject:date:message-id:mime-version:content-type
:content-transfer-encoding; s=20190914; bh=6rExRGHV+rkNfS7vfCoI2
Jkf0qPhceIpJni39TCgutA=; b=jcuzMmy3NBnzdjfepRP/pvdBJFUhdgp5OQ8w9
K/2NxOO+cr7qGxn/1yMnneHxE4eQ89YDl14IHRDmEhGVxRs8G/dzBq1S0Nti1ODd
yKXy56gU3yfuJR+T5Q2drxCG6eiEZWVK/VXtsXtl0P6svbWGYEhRB3NGmsxLkSI8
qH+gypp73cq5iyuFJq1qxWwQgn6Of4J7RpcLh0gbriSCGlivqw8vkLNmYJ3n7u7W
scoaF8qU8ZmlLBnbI6NUedIyZhiVupVaEBygskqvxCec/jUJg/56lLAbrOrK3dND
QAkb9CC+RNMsGyi23G8rJQdafOLW7BN4oyvbjXxi9fIM8tWVw==
Received: from smtp2.dismail.de (<unknown> [10.240.26.12])
by mx1.dismail.de (OpenSMTPD) with ESMTP id 74520a27;
Fri, 30 Sep 2022 19:08:45 +0200 (CEST)
Received: from smtp2.dismail.de (localhost [127.0.0.1])
by smtp2.dismail.de (OpenSMTPD) with ESMTP id fa4e56ec;
Fri, 30 Sep 2022 19:08:45 +0200 (CEST)
Received: by dismail.de (OpenSMTPD) with ESMTPSA id 58f8398c
(TLSv1.3:TLS_AES_256_GCM_SHA384:256:NO);
Fri, 30 Sep 2022 19:08:44 +0200 (CEST)
From: Joshua Branson <jbranso@HIDDEN>
To: 39136 <at> debbugs.gnu.org
Subject: [PATCH] * gnu: endlessh: new service
Date: Fri, 30 Sep 2022 13:08:36 -0400
Message-Id: <20220930170836.26828-1-jbranso@HIDDEN>
X-Mailer: git-send-email 2.37.3
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-Spam-Score: 1.3 (+)
X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org",
has NOT identified this incoming email as spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
the administrator of that system for details.
Content preview: From: Nicolò Balzarotti <nicolo@HIDDEN> * gnu/services/ssh.scm:
Add endlessh service endlessh-configuration>): New record type. (endlessh-config->conf,
endlessh-shepherd-service, endlessh-service-type): New procedures.
Content analysis details: (1.3 points, 10.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
-0.7 RCVD_IN_DNSWL_LOW RBL: Sender listed at https://www.dnswl.org/,
low trust
[78.46.223.134 listed in list.dnswl.org]
-0.0 SPF_PASS SPF: sender matches SPF record
2.0 PDS_OTHER_BAD_TLD Untrustworthy TLDs
[URI: nixo.xyz (xyz)]
0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record
X-Debbugs-Envelope-To: 39136
Cc: ludo@HIDDEN, =?UTF-8?q?Nicol=C3=B2=20Balzarotti?= <nicolo@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: 0.3 (/)
From: Nicolò Balzarotti <nicolo@HIDDEN>
* gnu/services/ssh.scm: Add endlessh service
endlessh-configuration>): New record type.
(endlessh-config->conf, endlessh-shepherd-service, endlessh-service-type): New procedures.
* doc/guix.texi: added documnetation for the endlessh service.
---
doc/guix.texi | 60 ++++++++++++++++++++++++++++++++++++
gnu/services/ssh.scm | 73 ++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 133 insertions(+)
diff --git a/doc/guix.texi b/doc/guix.texi
index 99f8ba6c54..9a1e2801dd 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -20393,6 +20393,66 @@ may cause undefined behaviour.
@end table
@end deftp
+@cindex Endlessh
+@deffn {Scheme Variable} endlessh-service-type
+This is the type for the @uref{https://github.com/skeeto/endlessh,
+Endlessh} service, which is an ssh tarbit. It delays ssh clients for
+days at a time by @emph{very slowly} sending a random and endless SSH
+banner. The smart hacker will run endlessh on port 22, and let crackers
+get stuck in this tarpit. This lets your real ssh server run more
+securely on a non-standard port.
+
+For example:
+
+@lisp
+(service endlessh-service-type
+ (endlessh-configuration
+ (port-number 22)))
+@end lisp
+
+@end deffn
+
+@deftp {Data Type} endlessh-configuration
+Data type representing the configuration for @code{endlessh-service}.
+@table @asis
+@item @code{package} (default: @var{endlessh})
+@code{endlessh} package to use.
+
+@item @code{bind-family} (default: @code{'(ipv4 ipv6)})
+This specifies if endlessh should use ipv4 and/or ipv6.
+
+@item @code{delay} (default: @code{10000})
+The endless banner is sent one line at a time. This is the delay
+in milliseconds between individual lines.
+
+@item @code{length} (default: @code{32})
+The length of each line is randomized. This controls the maximum length
+of each line. Shorter lines may keep clients on for longer if they give
+up after a certain number of bytes.
+
+@item @code{max-clients} (default: @code{4096})
+Maximum number of connections to accept at a time. Connections beyond
+this are not immediately rejected, but will wait in the queue.
+
+@item @code{port-number} (default: @code{2222})
+The port on which to listen for new SSH connections. Most users who
+want to use endlessh as intended should set this port number to
+@code{22}.
+
+@item @code{log-level} (default: @code{0})
+Set the detail level for the log.
+@table @asis
+@item 0 = Quiet
+@item 1 = Standard, useful log messages
+@item 2 = Very noisy debugging information
+@end table
+
+@item @code{syslog} (default: @code{#f})
+Print diagnostics to syslog instead of standard output
+
+@end table
+@end deftp
+
@cindex WebSSH
@deffn {Scheme Variable} webssh-service-type
This is the type for the @uref{https://webssh.huashengdun.org/, WebSSH}
diff --git a/gnu/services/ssh.scm b/gnu/services/ssh.scm
index 72e7183590..2e547b63cd 100644
--- a/gnu/services/ssh.scm
+++ b/gnu/services/ssh.scm
@@ -58,6 +58,10 @@ (define-module (gnu services ssh)
autossh-configuration?
autossh-service-type
+ endlessh-configuration
+ endlessh-configuration?
+ endlessh-service-type
+
webssh-configuration
webssh-configuration?
webssh-service-type
@@ -802,6 +806,75 @@ (define autossh-service-type
autossh-service-activation)))
(default-value (autossh-configuration))))
+
+;;;
+;;; Endlessh.
+;;;
+
+(define-record-type* <endlessh-configuration>
+ endlessh-configuration make-endlessh-configuration
+ endlessh-configuration?
+ ;; list of two symbols, allowed values are ipv4, ipv6 or both
+ (bind-family endlessh-configuration-bind-family (default '(ipv4 ipv6)))
+ ;; integer
+ (delay endlessh-configuration-delay (default 10000))
+ ;; integer
+ ;; Must be in the range
+ (length endlessh-configuration-length (default 32))
+ ;; integer
+ (max-clients endlessh-configuration-max-clients (default 4096))
+ ;; integer
+ (port-number endlessh-configuration-port-number (default 2222))
+ ;; integer
+ ;; Allowed values are 0, 1 and 2
+ (log-level endlessh-configuration-log-level (default 0)))
+
+(define (endlessh-config->conf config)
+ "Convert the CONFIG of type <endlessh-config> to a config file."
+ (let* ((family (endlessh-configuration-bind-family config))
+ (ipv4 (member 'ipv4 family))
+ (ipv6 (member 'ipv6 family))
+ (port (endlessh-configuration-port-number config))
+ (delay (endlessh-configuration-delay config))
+ (length (endlessh-configuration-length config))
+ (log-level (endlessh-configuration-log-level config))
+ (max-clients (endlessh-configuration-max-clients config))
+ (bind
+ ;; check if both are true (0), or only one of them is present
+ (if (not (and (equal? ipv4 ipv6) ipv4))
+ (if ipv4 4
+ (if ipv6 6
+ (throw 'endlessh-error
+ "bind-family must contain at least one value")))
+ 0)))
+ (mixed-text-file "endlessh.conf"
+ "# Generated by 'endlessh-config'.\n\n"
+ "Port " (number->string port) "\n"
+ "Delay " (number->string delay) "\n"
+ "MaxLineLength " (number->string length) "\n"
+ "MaxClients " (number->string max-clients) "\n"
+ "LogLevel " (number->string log-level) "\n"
+ "BindFamily " (number->string bind) "\n")))
+
+(define (endlessh-shepherd-service config)
+ (shepherd-service
+ (documentation "Run endlessh tarpit server.")
+ (provision '(endlessh))
+ (start #~(make-forkexec-constructor
+ (list #$(file-append endlessh "/bin/endlessh")
+ "-f" #$(endlessh-config->conf config))))
+ (stop #~(make-kill-destructor))))
+
+(define endlessh-service-type
+ (service-type
+ (name 'endlessh)
+ (description "Run endlessh tarpit server.")
+ (extensions
+ (list (service-extension shepherd-root-service-type
+ (compose list endlessh-shepherd-service))))
+ (default-value (endlessh-configuration))))
+
+
;;;
;;; WebSSH
--
2.37.3
guix-patches@HIDDEN:bug#39136; Package guix-patches.
Full text available.
Received: (at 39136) by debbugs.gnu.org; 30 Sep 2022 17:03:37 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Fri Sep 30 13:03:37 2022
Received: from localhost ([127.0.0.1]:42820 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1oeJQG-00050i-EE
for submit <at> debbugs.gnu.org; Fri, 30 Sep 2022 13:03:36 -0400
Received: from mx1.dismail.de ([78.46.223.134]:48344)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <jbranso@HIDDEN>) id 1oeJQA-00050R-8B
for 39136 <at> debbugs.gnu.org; Fri, 30 Sep 2022 13:03:34 -0400
Received: from mx1.dismail.de (localhost [127.0.0.1])
by mx1.dismail.de (OpenSMTPD) with ESMTP id 81f45e3b;
Fri, 30 Sep 2022 19:03:23 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed; d=dismail.de; h=from:to:cc
:subject:date:message-id:mime-version:content-type
:content-transfer-encoding; s=20190914; bh=2bz8z2cvINgNOa7KNCOgw
bW4BV4sOi/jRH/vioDDsYc=; b=hx7VO6l7enwCGsX7ckmvaM+Z8/M/IOdIaLMEE
Eaacavg0lEOypdJ5cPk7q8C3yseiOj+wfTZIn88VxH72LUA5U5E7I1CUQP9T6U0V
0iW1cMceAYkNZj2r5Xepbvn4SaV2ra/R2hV2aGCO9//6jiMh5JaQAgzt+KfJaOUZ
/gfWxmZBR5bWRrhDpq38vu4eC3yH4+jvHwosQxWchTvqetErSkhyU/LfNQzmjfdY
1BuAkKYls8cqCxR0l1Mi6iQ3htzX5BfH2zH4xNUBM7A/ssTA4a3xTwMI80s7Easp
DxBGOmPmSOKoUwkCBN3Nj0dWiHdoeMqpJVS0r3BHDTNh0NHzg==
Received: from smtp1.dismail.de (<unknown> [10.240.26.11])
by mx1.dismail.de (OpenSMTPD) with ESMTP id 4be987a2;
Fri, 30 Sep 2022 19:03:23 +0200 (CEST)
Received: from smtp1.dismail.de (localhost [127.0.0.1])
by smtp1.dismail.de (OpenSMTPD) with ESMTP id 9d81ceeb;
Fri, 30 Sep 2022 19:03:23 +0200 (CEST)
Received: by dismail.de (OpenSMTPD) with ESMTPSA id 05cba35b
(TLSv1.3:TLS_AES_256_GCM_SHA384:256:NO);
Fri, 30 Sep 2022 19:03:22 +0200 (CEST)
From: Joshua Branson <jbranso@HIDDEN>
To: 39136 <at> debbugs.gnu.org
Subject: [PATCH] * gnu: endlessh: new service
Date: Fri, 30 Sep 2022 13:03:01 -0400
Message-Id: <20220930170301.21324-1-jbranso@HIDDEN>
X-Mailer: git-send-email 2.37.3
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-Spam-Score: 1.3 (+)
X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org",
has NOT identified this incoming email as spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
the administrator of that system for details.
Content preview: From: Nicolò Balzarotti <nicolo@HIDDEN> Here is an attempted
merger of patch 1 and 2. I hope that it applies cleanly to master, but if
it does not, please let me know! Thanks!
Content analysis details: (1.3 points, 10.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
-0.0 SPF_PASS SPF: sender matches SPF record
2.0 PDS_OTHER_BAD_TLD Untrustworthy TLDs
[URI: nixo.xyz (xyz)]
0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record
-0.7 RCVD_IN_DNSWL_LOW RBL: Sender listed at https://www.dnswl.org/,
low trust
[78.46.223.134 listed in list.dnswl.org]
X-Debbugs-Envelope-To: 39136
Cc: ludo@HIDDEN, =?UTF-8?q?Nicol=C3=B2=20Balzarotti?= <nicolo@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: 0.3 (/)
From: Nicolò Balzarotti <nicolo@HIDDEN>
Here is an attempted merger of patch 1 and 2. I hope that it applies
cleanly to master, but if it does not, please let me know!
Thanks!
Joshua
* gnu/services/ssh.scm: Add endlessh service
endlessh-configuration>): New record type.
(endlessh-config->conf, endlessh-shepherd-service, endlessh-service-type): New procedures.
* doc/guix.texi: added documnetation for the endlessh service.
---
doc/guix.texi | 60 ++++++++++++++++++++++++++++++++++++
gnu/services/ssh.scm | 73 ++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 133 insertions(+)
diff --git a/doc/guix.texi b/doc/guix.texi
index 99f8ba6c54..9a1e2801dd 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -20393,6 +20393,66 @@ may cause undefined behaviour.
@end table
@end deftp
+@cindex Endlessh
+@deffn {Scheme Variable} endlessh-service-type
+This is the type for the @uref{https://github.com/skeeto/endlessh,
+Endlessh} service, which is an ssh tarbit. It delays ssh clients for
+days at a time by @emph{very slowly} sending a random and endless SSH
+banner. The smart hacker will run endlessh on port 22, and let crackers
+get stuck in this tarpit. This lets your real ssh server run more
+securely on a non-standard port.
+
+For example:
+
+@lisp
+(service endlessh-service-type
+ (endlessh-configuration
+ (port-number 22)))
+@end lisp
+
+@end deffn
+
+@deftp {Data Type} endlessh-configuration
+Data type representing the configuration for @code{endlessh-service}.
+@table @asis
+@item @code{package} (default: @var{endlessh})
+@code{endlessh} package to use.
+
+@item @code{bind-family} (default: @code{'(ipv4 ipv6)})
+This specifies if endlessh should use ipv4 and/or ipv6.
+
+@item @code{delay} (default: @code{10000})
+The endless banner is sent one line at a time. This is the delay
+in milliseconds between individual lines.
+
+@item @code{length} (default: @code{32})
+The length of each line is randomized. This controls the maximum length
+of each line. Shorter lines may keep clients on for longer if they give
+up after a certain number of bytes.
+
+@item @code{max-clients} (default: @code{4096})
+Maximum number of connections to accept at a time. Connections beyond
+this are not immediately rejected, but will wait in the queue.
+
+@item @code{port-number} (default: @code{2222})
+The port on which to listen for new SSH connections. Most users who
+want to use endlessh as intended should set this port number to
+@code{22}.
+
+@item @code{log-level} (default: @code{0})
+Set the detail level for the log.
+@table @asis
+@item 0 = Quiet
+@item 1 = Standard, useful log messages
+@item 2 = Very noisy debugging information
+@end table
+
+@item @code{syslog} (default: @code{#f})
+Print diagnostics to syslog instead of standard output
+
+@end table
+@end deftp
+
@cindex WebSSH
@deffn {Scheme Variable} webssh-service-type
This is the type for the @uref{https://webssh.huashengdun.org/, WebSSH}
diff --git a/gnu/services/ssh.scm b/gnu/services/ssh.scm
index 72e7183590..2e547b63cd 100644
--- a/gnu/services/ssh.scm
+++ b/gnu/services/ssh.scm
@@ -58,6 +58,10 @@ (define-module (gnu services ssh)
autossh-configuration?
autossh-service-type
+ endlessh-configuration
+ endlessh-configuration?
+ endlessh-service-type
+
webssh-configuration
webssh-configuration?
webssh-service-type
@@ -802,6 +806,75 @@ (define autossh-service-type
autossh-service-activation)))
(default-value (autossh-configuration))))
+
+;;;
+;;; Endlessh.
+;;;
+
+(define-record-type* <endlessh-configuration>
+ endlessh-configuration make-endlessh-configuration
+ endlessh-configuration?
+ ;; list of two symbols, allowed values are ipv4, ipv6 or both
+ (bind-family endlessh-configuration-bind-family (default '(ipv4 ipv6)))
+ ;; integer
+ (delay endlessh-configuration-delay (default 10000))
+ ;; integer
+ ;; Must be in the range
+ (length endlessh-configuration-length (default 32))
+ ;; integer
+ (max-clients endlessh-configuration-max-clients (default 4096))
+ ;; integer
+ (port-number endlessh-configuration-port-number (default 2222))
+ ;; integer
+ ;; Allowed values are 0, 1 and 2
+ (log-level endlessh-configuration-log-level (default 0)))
+
+(define (endlessh-config->conf config)
+ "Convert the CONFIG of type <endlessh-config> to a config file."
+ (let* ((family (endlessh-configuration-bind-family config))
+ (ipv4 (member 'ipv4 family))
+ (ipv6 (member 'ipv6 family))
+ (port (endlessh-configuration-port-number config))
+ (delay (endlessh-configuration-delay config))
+ (length (endlessh-configuration-length config))
+ (log-level (endlessh-configuration-log-level config))
+ (max-clients (endlessh-configuration-max-clients config))
+ (bind
+ ;; check if both are true (0), or only one of them is present
+ (if (not (and (equal? ipv4 ipv6) ipv4))
+ (if ipv4 4
+ (if ipv6 6
+ (throw 'endlessh-error
+ "bind-family must contain at least one value")))
+ 0)))
+ (mixed-text-file "endlessh.conf"
+ "# Generated by 'endlessh-config'.\n\n"
+ "Port " (number->string port) "\n"
+ "Delay " (number->string delay) "\n"
+ "MaxLineLength " (number->string length) "\n"
+ "MaxClients " (number->string max-clients) "\n"
+ "LogLevel " (number->string log-level) "\n"
+ "BindFamily " (number->string bind) "\n")))
+
+(define (endlessh-shepherd-service config)
+ (shepherd-service
+ (documentation "Run endlessh tarpit server.")
+ (provision '(endlessh))
+ (start #~(make-forkexec-constructor
+ (list #$(file-append endlessh "/bin/endlessh")
+ "-f" #$(endlessh-config->conf config))))
+ (stop #~(make-kill-destructor))))
+
+(define endlessh-service-type
+ (service-type
+ (name 'endlessh)
+ (description "Run endlessh tarpit server.")
+ (extensions
+ (list (service-extension shepherd-root-service-type
+ (compose list endlessh-shepherd-service))))
+ (default-value (endlessh-configuration))))
+
+
;;;
;;; WebSSH
--
2.37.3
guix-patches@HIDDEN:bug#39136; Package guix-patches.
Full text available.
Received: (at 39136) by debbugs.gnu.org; 31 Aug 2022 23:34:48 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Wed Aug 31 19:34:48 2022
Received: from localhost ([127.0.0.1]:40736 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1oTXEO-0008NH-Et
for submit <at> debbugs.gnu.org; Wed, 31 Aug 2022 19:34:48 -0400
Received: from mx1.dismail.de ([78.46.223.134]:17537)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <jbranso@HIDDEN>) id 1oTXEL-0008N0-O2
for 39136 <at> debbugs.gnu.org; Wed, 31 Aug 2022 19:34:47 -0400
Received: from mx1.dismail.de (localhost [127.0.0.1])
by mx1.dismail.de (OpenSMTPD) with ESMTP id 924e9f0c;
Thu, 1 Sep 2022 01:34:38 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed; d=dismail.de; h=
mime-version:date:content-type:content-transfer-encoding:from
:message-id:subject:to:cc:in-reply-to:references; s=20190914;
bh=pRBogABCYoErypTkDyHzWfRAXnGaIIbkk9CKjgbdUjc=; b=WTC7yOdzc8Ca
zXsZje+WkjVorMLQud35y+jxoYJzamgRE5uJJUwUqcczJctWnJpPiw0ShAvekc/V
mTCoRH/LkPjOFG6fph00s9LEPIPI7ONK+KZKAlQflDNpnCfZEXXLYD1Wh5EWR0Gg
guo4GcFePcs0umHyn92hT++NccXh2quYZtdWtoiQ7JZuydAm+nCWt5dJHMK5icfd
0UEDWVKXacjX6I2IxdTPmAZ/upevgvaQ2EtGzNBhTxsbQNHiux+50MbRTZCQIpfW
e4uVo5FIWlOtmMLaVvttgJ1qCWGzWNGMrizNmILc/Bp4cLfZUmKuG7dPpbszojvK
E6KS2QtiUw==
Received: from smtp1.dismail.de (<unknown> [10.240.26.11])
by mx1.dismail.de (OpenSMTPD) with ESMTP id aceae057;
Thu, 1 Sep 2022 01:34:37 +0200 (CEST)
Received: from smtp1.dismail.de (localhost [127.0.0.1])
by smtp1.dismail.de (OpenSMTPD) with ESMTP id dde0b43b;
Thu, 1 Sep 2022 01:34:37 +0200 (CEST)
Received: by dismail.de (OpenSMTPD) with ESMTPSA id 7caab8b5
(TLSv1.3:TLS_AES_256_GCM_SHA384:256:NO);
Thu, 1 Sep 2022 01:34:37 +0200 (CEST)
MIME-Version: 1.0
Date: Wed, 31 Aug 2022 23:34:36 +0000
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
X-Mailer: RainLoop/1.16.0a
From: jbranso@HIDDEN
Message-ID: <1c810968a4114879ea1c9c1e7c927d28@HIDDEN>
Subject: Re: bug#39136: [PATCH] gnu: services: Add endlessh.
To: "=?utf-8?B?THVkb3ZpYyBDb3VydMOocw==?=" <ludo@HIDDEN>
In-Reply-To: <87o7w0bsci.fsf_-_@HIDDEN>
References: <87o7w0bsci.fsf_-_@HIDDEN>
<20210315162949.17092-1-jbranso@HIDDEN>
<20210315162949.17092-2-jbranso@HIDDEN>
X-Spam-Score: -0.7 (/)
X-Debbugs-Envelope-To: 39136
Cc: 39136 <at> debbugs.gnu.org
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.7 (-)
August 31, 2022 6:49 AM, "Ludovic Court=C3=A8s" <ludo@HIDDEN> wrote:
> Hi Joshua,
>=20
>=20Joshua Branson <jbranso@HIDDEN> skribis:
>=20
>>=20doc: endlessh service documentation.
>>=20
>>=20* doc/guix.texi (Networking Services): New endlessh-service-type sec=
tion.
>>=20
>>=20services: containerized endlessh
>>=20
>>=20* gnu/services/ssh.scm (endlessh-config->conf): make-forkexec-contru=
ctor ->
>> make-forkexec-constructor/container. and attempted to enable logging t=
o syslog.
>> (define-record-type* <endlessh-configuration>)
>> move default values of endlessh configuration to separate line.
>> Add copyright line for Nicolo.
>=20
>=20Could you merge both patch #1 and patch #2? Usually doc is added in t=
he
> same commit as the thing being documented.
>=20
>>=20+@cindex Endlessh
>> +@deffn {Scheme Variable} endlessh-service-type
>> +This is the type for the @uref{https://github.com/skeeto/endlessh,
>> +Endlessh} program that delays ssh clients for days at a time by
>=20
>=20Nitpick: s/ssh/SSH/.
>=20
>>=20+@emph{very slowly} sending a random and endless SSH banner. The sma=
rt
>> +hacker will put endlessh running on port 22, and let crackers get stu=
ck
>=20
>=20Maybe =E2=80=9CThe smart hacker will put=E2=80=9D -> =E2=80=9CYou wou=
ld typically run=E2=80=9D
>=20
>>=20+ (start #~(make-forkexec-constructor/container
>=20
>=20Let=E2=80=99s forget about =E2=80=98/container=E2=80=99 for now if it=
doesn=E2=80=99t work yet.
>=20
>=20Perhaps we can have a minimal system test to make sure the thing is
> running and listening on the right port? There are tests for
> full-fledged SSH servers in (gnu tests ssh) that could serve as
> inspiration.
>=20
>=20Could you send a (hopefully) last version with these changes?
Will merge the doc and code changes and submit an updated patch soon.
Thanks!
Joshua
>=20
>=20Thanks in advance,
> Ludo=E2=80=99.
guix-patches@HIDDEN:bug#39136; Package guix-patches.
Full text available.
Received: (at 39136) by debbugs.gnu.org; 31 Aug 2022 10:49:45 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Wed Aug 31 06:49:45 2022
Received: from localhost ([127.0.0.1]:38327 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1oTLI1-0000TV-1p
for submit <at> debbugs.gnu.org; Wed, 31 Aug 2022 06:49:45 -0400
Received: from eggs.gnu.org ([209.51.188.92]:59446)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <ludo@HIDDEN>) id 1oTLHy-0000TF-6I
for 39136 <at> debbugs.gnu.org; Wed, 31 Aug 2022 06:49:43 -0400
Received: from fencepost.gnu.org ([2001:470:142:3::e]:34736)
by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
(Exim 4.90_1) (envelope-from <ludo@HIDDEN>)
id 1oTLHs-0001qY-Th; Wed, 31 Aug 2022 06:49:36 -0400
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org;
s=fencepost-gnu-org; h=MIME-Version:In-Reply-To:Date:References:Subject:To:
From; bh=PLue9P7BEPor8f/Vtyo/+spTDvd0iwjoPnszWmHLLzQ=; b=Ut9Yx7svYLs7h6Qxl6iA
mlRFKrlLkZRx6hGNpYfKw+J+QUY2WXT6ZcxKk41s5OlMaJKjxL3I9B5gIJnhQT/rIyY5QzAZJfF4C
H1gdgLVf+zOuCewIhR/ARkpGZd3z4xIf8CM16MABP6RbqgOqgcQ7zloaT0oTj9DFE2EDHW9yMD3Ex
yTqEeSsQ/HcJiXNlrVZILPqUY6COFYWSbz55laxxLXePaMvfUkknB8Ns7jhETJL9+SF1FRohKe8hx
IzshK+40IEVD15j4UKBd9fWfklz6wN1R5w6fhw0FoPpUgsxO2WO8I3oPI1cpFQNlorSb+lHwfnh4n
zIWqUHJXF3DSiA==;
Received: from 91-160-117-201.subs.proxad.net ([91.160.117.201]:50428
helo=ribbon)
by fencepost.gnu.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
(Exim 4.90_1) (envelope-from <ludo@HIDDEN>)
id 1oTLHs-0007IP-54; Wed, 31 Aug 2022 06:49:36 -0400
From: =?utf-8?Q?Ludovic_Court=C3=A8s?= <ludo@HIDDEN>
To: Joshua Branson <jbranso@HIDDEN>
Subject: Re: bug#39136: [PATCH] gnu: services: Add endlessh.
References: <20210315162949.17092-1-jbranso@HIDDEN>
<20210315162949.17092-2-jbranso@HIDDEN>
Date: Wed, 31 Aug 2022 12:49:33 +0200
In-Reply-To: <20210315162949.17092-2-jbranso@HIDDEN> (Joshua Branson's
message of "Mon, 15 Mar 2021 12:29:49 -0400")
Message-ID: <87o7w0bsci.fsf_-_@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/28.1 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Spam-Score: -2.3 (--)
X-Debbugs-Envelope-To: 39136
Cc: 39136 <at> debbugs.gnu.org
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -3.3 (---)
Hi Joshua,
Joshua Branson <jbranso@HIDDEN> skribis:
> doc: endlessh service documentation.
>
> * doc/guix.texi (Networking Services): New endlessh-service-type section.
>
> services: containerized endlessh
>
> * gnu/services/ssh.scm (endlessh-config->conf): make-forkexec-contructor =
->
> make-forkexec-constructor/container. and attempted to enable logging to s=
yslog.
> (define-record-type* <endlessh-configuration>)
> move default values of endlessh configuration to separate line.
> Add copyright line for Nicolo.
Could you merge both patch #1 and patch #2? Usually doc is added in the
same commit as the thing being documented.
> +@cindex Endlessh
> +@deffn {Scheme Variable} endlessh-service-type
> +This is the type for the @uref{https://github.com/skeeto/endlessh,
> +Endlessh} program that delays ssh clients for days at a time by
Nitpick: s/ssh/SSH/.
> +@emph{very slowly} sending a random and endless SSH banner. The smart
> +hacker will put endlessh running on port 22, and let crackers get stuck
Maybe =E2=80=9CThe smart hacker will put=E2=80=9D -> =E2=80=9CYou would typ=
ically run=E2=80=9D
> + (start #~(make-forkexec-constructor/container
Let=E2=80=99s forget about =E2=80=98/container=E2=80=99 for now if it doesn=
=E2=80=99t work yet.
Perhaps we can have a minimal system test to make sure the thing is
running and listening on the right port? There are tests for
full-fledged SSH servers in (gnu tests ssh) that could serve as
inspiration.
Could you send a (hopefully) last version with these changes?
Thanks in advance,
Ludo=E2=80=99.
guix-patches@HIDDEN:bug#39136; Package guix-patches.
Full text available.Received: (at 39136) by debbugs.gnu.org; 4 Apr 2021 13:32:16 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Sun Apr 04 09:32:16 2021 Received: from localhost ([127.0.0.1]:35116 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1lT2rP-00029E-W3 for submit <at> debbugs.gnu.org; Sun, 04 Apr 2021 09:32:16 -0400 Received: from mx1.dismail.de ([78.46.223.134]:23377) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <jbranso@HIDDEN>) id 1lT2rN-00028y-4R for 39136 <at> debbugs.gnu.org; Sun, 04 Apr 2021 09:32:14 -0400 Received: from mx1.dismail.de (localhost [127.0.0.1]) by mx1.dismail.de (OpenSMTPD) with ESMTP id b686fa3f; Sun, 4 Apr 2021 15:32:05 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed; d=dismail.de; h=from:to:cc :subject:references:date:in-reply-to:message-id:mime-version :content-type:content-transfer-encoding; s=20190914; bh=t6A+7g/Z YheQMedmRuwR0h7QjyeO8k+iMuBLrTBAQQE=; b=uV1po3/NpeFWwA8H3EaXOt0G eVubz7f/xQmMNVM+xpANqPfwY111ODOy+ObgGD/mvtNHdBZpkXO07TIw50ZxEsSp 6nbdMDQeWKTbnvqQMILrJ7AjbAmlbP00EFfWQqD3IglM+XjbUm55LYfkNgJdSvmC aqDp/z8nixdS+xY4G8/ziAgJT42uMy/uhwpklwRd2hUOPPPiiw/V45TwsZRDp4Fz C9PXNZjy/CA44T9866QTWCL6tuTTF54lxxN7Z1ruagXTXFyTMzgzftciIH4W/o89 cm6rk9GnHAI79J19+M8dFMFqwQJBh4Zbs1OPLVq5oOfrd24Qw4fYq3MdMS46gw== Received: from smtp2.dismail.de (<unknown> [10.240.26.12]) by mx1.dismail.de (OpenSMTPD) with ESMTP id 41f6a369; Sun, 4 Apr 2021 15:32:05 +0200 (CEST) Received: from smtp2.dismail.de (localhost [127.0.0.1]) by smtp2.dismail.de (OpenSMTPD) with ESMTP id e4f6d675; Sun, 4 Apr 2021 15:32:05 +0200 (CEST) Received: by dismail.de (OpenSMTPD) with ESMTPSA id f2308c99 (TLSv1.3:AEAD-AES256-GCM-SHA384:256:NO); Sun, 4 Apr 2021 15:32:04 +0200 (CEST) From: Joshua Branson <jbranso@HIDDEN> To: Oleg Pykhalov <go.wigust@HIDDEN> Subject: Re: bug#39136: [PATCH] gnu: services: Add endlessh. References: <874kwx91k6.fsf@HIDDEN> <87a6r39ksa.fsf@HIDDEN> <87h7l7kt9r.fsf_-_@HIDDEN> <87zgyv2fjd.fsf_-_@HIDDEN> Date: Sun, 04 Apr 2021 09:31:51 -0400 In-Reply-To: <87zgyv2fjd.fsf_-_@HIDDEN> (Oleg Pykhalov's message of "Mon, 22 Mar 2021 21:45:42 +0300") Message-ID: <878s5ymb08.fsf_-_@HIDDEN> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.1 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 39136 Cc: 39136 <at> debbugs.gnu.org X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: -3.3 (---) Oleg Pykhalov <go.wigust@HIDDEN> writes: > Hello, > > I failed to test endlessh with "services: containerized endlessh" patch > in a virtual machine. Unfortunately at the moment I'm not familiar with > =E2=80=98make-forkexec-constructor/container=E2=80=99 machinery, and have= no idea about > that causing the issue of boot hang. Failed VM config in attachment. > > > > > I succeeded to test without "services: containerized endlessh". If wish > to fix a problem, ping me then you done. Otherwise I could push a > working version without containerization. Oh, I suppose that I will try to get containerization working on this service. I'd prefer to have it containerized, since it is running as root. Thanks! > > Thanks, > Oleg. > -- Joshua Branson (joshuaBPMan in #guix) Sent from Emacs and Gnus https://gnucode.me https://video.hardlimit.com/accounts/joshua_branson/video-channels https://propernaming.org "You can have whatever you want, as long as you help enough other people get what they want." - Zig Ziglar
guix-patches@HIDDEN:bug#39136; Package guix-patches.
Full text available.
Received: (at 39136) by debbugs.gnu.org; 22 Mar 2021 18:45:55 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Mon Mar 22 14:45:55 2021
Received: from localhost ([127.0.0.1]:58628 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1lOPYp-0004CB-3D
for submit <at> debbugs.gnu.org; Mon, 22 Mar 2021 14:45:55 -0400
Received: from mail-lj1-f181.google.com ([209.85.208.181]:34762)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <go.wigust@HIDDEN>) id 1lOPYn-0004By-48
for 39136 <at> debbugs.gnu.org; Mon, 22 Mar 2021 14:45:53 -0400
Received: by mail-lj1-f181.google.com with SMTP id f16so22431508ljm.1
for <39136 <at> debbugs.gnu.org>; Mon, 22 Mar 2021 11:45:52 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
h=from:to:cc:subject:references:date:in-reply-to:message-id
:user-agent:mime-version;
bh=6s6QoLAowzqzO7xzq5EuautVaZh3XrsCACcAjlg8a1w=;
b=LzwIPOqIheScU+sXOZGy2eABOhKDZK5Mg1XrlFJq3R16ENXe6otdihSBqVmbIlBBEz
TUCxDJEIKO12yPk0N2jUozfFnz/gElCT43+4fcycIgiNfIEmMWhb5Jmf9pIFjhx3te/f
dsA8Hp4T7aa+mVsMeBmvI8gQEYr8jL3KdNt88pVgK3gD67Mauaq+pFrKzWelHoFwMi7c
qOWRkA7A8dYBebBi0KglaQZcKTQ6Na/fSHBnon56qv6irMyN8E66YR1FFW71L4M5Bp7h
tt02PJ7GKN0i1VQklWDBJkOvBLJmUP9/D/bYpAthsFrSZvpuSOghtTFM/B/tvMxpEFIV
DFKA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20161025;
h=x-gm-message-state:from:to:cc:subject:references:date:in-reply-to
:message-id:user-agent:mime-version;
bh=6s6QoLAowzqzO7xzq5EuautVaZh3XrsCACcAjlg8a1w=;
b=ZE4MTVX7kt6+XMnbxAV6FxF3OkhHdifH7RteN75jIrLsgd2uExVhnYtj8v9Z7yW+gl
TfUdfQv3BgGOen8wDQRN1Jdi0WRQ1vjMFOq/LjQ3Oa9q/eHI2pl5quPQ9TNnj1yzvZWQ
nytzy6gp4vXH/3a8gkTM3RFhmXlY35K/OsrxqU0sJtArHwrZQAQ3mqrQnbSxU6v1hnEk
KziaQwvAQenAXJRHNZWWzWo+Hz/bSlAVGgINPLjQ0Gx8iIDTB49wkUSlrvxw4Zj3sjsJ
lkbk8Tb9YbSALfQXl3dPKndtEyWN68kCZNbzGb3CKOeYj1YGmcjAwQAI6iRVBT0qZP3Y
GKIg==
X-Gm-Message-State: AOAM533hViaGetbAjxc3W5xwlIYni+L708PFpYi5dxmX4Y2jXnFIJIq1
+3Ldlq2JA8hQGo+5IAWYQbJLIDj4M1U=
X-Google-Smtp-Source: ABdhPJzG3j79njCFeg08mVfydc+eYyTxVPeXbN7sDKxmQu0Ov8o1yxh/VQGImZCS1q49Uh6pmenrHA==
X-Received: by 2002:a2e:b537:: with SMTP id z23mr544747ljm.350.1616438746665;
Mon, 22 Mar 2021 11:45:46 -0700 (PDT)
Received: from guixsd ([88.201.161.72])
by smtp.gmail.com with ESMTPSA id j19sm874638lfg.225.2021.03.22.11.45.45
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Mon, 22 Mar 2021 11:45:45 -0700 (PDT)
From: Oleg Pykhalov <go.wigust@HIDDEN>
To: Joshua Branson <jbranso@HIDDEN>
Subject: Re: bug#39136: [PATCH] gnu: services: Add endlessh.
References: <874kwx91k6.fsf@HIDDEN>
<87a6r39ksa.fsf@HIDDEN> <87h7l7kt9r.fsf_-_@HIDDEN>
Date: Mon, 22 Mar 2021 21:45:42 +0300
In-Reply-To: <87h7l7kt9r.fsf_-_@HIDDEN> (Joshua Branson's message of "Fri,
19 Mar 2021 12:22:40 -0400")
Message-ID: <87zgyv2fjd.fsf_-_@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.1 (gnu/linux)
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="==-=-=";
micalg=pgp-sha512; protocol="application/pgp-signature"
X-Spam-Score: 0.0 (/)
X-Debbugs-Envelope-To: 39136
Cc: 39136 <at> debbugs.gnu.org
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)
--==-=-=
Content-Type: multipart/mixed; boundary="=-=-="
--=-=-=
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Hello,
I failed to test endlessh with "services: containerized endlessh" patch
in a virtual machine. Unfortunately at the moment I'm not familiar with
=E2=80=98make-forkexec-constructor/container=E2=80=99 machinery, and have n=
o idea about
that causing the issue of boot hang. Failed VM config in attachment.
--=-=-=
Content-Type: text/x-scheme
Content-Disposition: attachment; filename=vm-image.tmpl
Content-Description: vm-image.tmpl
;; This is an operating system configuration for a VM image.
;; Modify it as you see fit and instantiate the changes by running:
;;
;; guix system reconfigure /etc/config.scm
;;
(use-modules (gnu) (guix) (srfi srfi-1))
(use-service-modules desktop networking ssh xorg)
(use-package-modules bootloaders certs fonts nvi
package-management wget xorg)
(define vm-image-motd (plain-file "motd" "
\x1b[1;37mThis is the GNU system. Welcome!\x1b[0m
This instance of Guix is a template for virtualized environments.
You can reconfigure the whole system by adjusting /etc/config.scm
and running:
guix system reconfigure /etc/config.scm
Run '\x1b[1;37minfo guix\x1b[0m' to browse documentation.
\x1b[1;33mConsider setting a password for the 'root' and 'guest' \
accounts.\x1b[0m
"))
(operating-system
(host-name "gnu")
(timezone "Etc/UTC")
(locale "en_US.utf8")
(keyboard-layout (keyboard-layout "us" "altgr-intl"))
;; Label for the GRUB boot menu.
(label (string-append "GNU Guix " (package-version guix)))
(firmware '())
;; Below we assume /dev/vda is the VM's hard disk.
;; Adjust as needed.
(bootloader (bootloader-configuration
(bootloader grub-bootloader)
(target "/dev/vda")
(terminal-outputs '(console))))
(file-systems (cons (file-system
(mount-point "/")
(device "/dev/vda1")
(type "ext4"))
%base-file-systems))
(users (cons (user-account
(name "guest")
(comment "GNU Guix Live")
(password "") ;no password
(group "users")
(supplementary-groups '("wheel" "netdev"
"audio" "video")))
%base-user-accounts))
;; Our /etc/sudoers file. Since 'guest' initially has an empty password,
;; allow for password-less sudo.
(sudoers-file (plain-file "sudoers" "\
root ALL=(ALL) ALL
%wheel ALL=NOPASSWD: ALL\n"))
(packages (append (list nss-certs wget)
%base-packages))
(services
(append (list ;; Uncomment the line below to add an SSH server.
;; (service openssh-service-type
;; (openssh-configuration
;; (port-number 2222)))
(service endlessh-service-type
(endlessh-configuration
(port-number 2222)))
;; Use the DHCP client service rather than NetworkManager.
(service dhcp-client-service-type))
;; Remove GDM, ModemManager, NetworkManager, and wpa-supplicant,
;; which don't make sense in a VM.
(remove (lambda (service)
(let ((type (service-kind service)))
(or (memq type
(list gdm-service-type
wpa-supplicant-service-type
cups-pk-helper-service-type
network-manager-service-type
modem-manager-service-type))
(eq? 'network-manager-applet
(service-type-name type)))))
(modify-services %base-services
(login-service-type config =>
(login-configuration
(inherit config)
(motd vm-image-motd)))))))
;; Allow resolution of '.local' host names with mDNS.
(name-service-switch %mdns-host-lookup-nss))
--=-=-=
Content-Type: text/plain
I succeeded to test without "services: containerized endlessh". If wish
to fix a problem, ping me then you done. Otherwise I could push a
working version without containerization.
Thanks,
Oleg.
--=-=-=--
--==-=-=
Content-Type: application/pgp-signature; name="signature.asc"
-----BEGIN PGP SIGNATURE-----
iQJIBAEBCgAyFiEEcjhxI46s62NFSFhXFn+OpQAa+pwFAmBY5dYUHGdvLndpZ3Vz
dEBnbWFpbC5jb20ACgkQFn+OpQAa+pwRLQ//b7/BeXuTmjoPBdvCo7+zef/q67Hu
q68tZwvp4SZoOXSrTOlwKFhmr4jRKdlw8SDGg3Xx7ZMU6YbsTmvndzl82wyTIHpf
+754G2XTQib/MGseVg4XvBkkYYkgbtMW7xINqd723dM9b46ZmRQbjLCSWPmoj1zM
voNeQsGpSVa7iz+UDE/OHpqDQhdXKA35OqPUssCjj/Bkbo1+gYb3itqruHXkxjdI
bjiYDVu47eaBPvd3QPQSm8xESKPB5yuj/LRO0JijyREXsvV4yfZVyJJk9a3c9nX9
nQLYwBFgRr6++X1O39PA6mzT45NlTR3r3XKjsCd0HtOh1sTytjNA/olTGw1+W1e5
gOjU4mtvGEzRF3p9BQs8D3VV3wVkmjgQDdHK9/gOpT+x0aUGdJp2w/ByTN1FeNRL
tRzTGOzYBrKv5zsVMv9PKR6zklhtDWz9fnSQa/5CnfI3x82lr5M+MMxGTpQPFISq
GZS6ITA1RSD+yEdu6V2JohPHqhbeI06O4e6HGy6MHIHxQU6mtZLAXpKE5AJvSmP2
y7F1pWBz6UZGHqBKfmRDReCeq+eOKjjgL2HeZ28ync1lpi00DEiU2PVZvleWposv
K95fMxloXmITqPN1621/jxhnwXq0iLhL7fwJMJEN1enscfT8nNOBwg+MI88OPg+u
ZSb5mXMtM0UcLr0=
=Dj5i
-----END PGP SIGNATURE-----
--==-=-=--
guix-patches@HIDDEN:bug#39136; Package guix-patches.
Full text available.Received: (at 39136) by debbugs.gnu.org; 19 Mar 2021 16:23:08 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Fri Mar 19 12:23:08 2021 Received: from localhost ([127.0.0.1]:50876 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1lNHtz-0006Pr-TO for submit <at> debbugs.gnu.org; Fri, 19 Mar 2021 12:23:08 -0400 Received: from mx1.dismail.de ([78.46.223.134]:8171) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <jbranso@HIDDEN>) id 1lNHty-0006PA-AD for 39136 <at> debbugs.gnu.org; Fri, 19 Mar 2021 12:23:07 -0400 Received: from mx1.dismail.de (localhost [127.0.0.1]) by mx1.dismail.de (OpenSMTPD) with ESMTP id c3e611f8; Fri, 19 Mar 2021 17:22:59 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed; d=dismail.de; h=from:to :subject:references:cc:date:in-reply-to:message-id:mime-version :content-type; s=20190914; bh=l1/wowBBoZpZl+YCg2ZbLQdaWIvjTVXdJB ITsg8bb78=; b=FBOsp6k9F2kSxRJbxFT0RZ8TqnHXzZbJqOTMmdmXbM8Q1SiFee FoZtpRU5XGcLdF1HvuAMq20sILmMEoa7evAtkXhBnS/s5kRAXTc3zD18DjVLQijl /n0EcOlDkZ0rZVVhv/xD5UD1Ybgms2kwwZ43H0PkfSjVKxRxQEI/xyR3G4zyOLnH JymfA5eypGgVA6TiZU8JElznLPfzIjU88+v/cHt09IDPOD3jNaB8UylT/1PzzpLG xjjDB3Xmbzm6GK9qBOD2HI4Yu5WAOfm5Fm1BoyK2bA8gs8q8d9sqoJgBP0v68m0h IAXxUll/oInDldl3sU7+4CMU9hFYWRhK1Bkg== Received: from smtp2.dismail.de (<unknown> [10.240.26.12]) by mx1.dismail.de (OpenSMTPD) with ESMTP id acd5e0ce; Fri, 19 Mar 2021 17:22:59 +0100 (CET) Received: from smtp2.dismail.de (localhost [127.0.0.1]) by smtp2.dismail.de (OpenSMTPD) with ESMTP id 1467b0f0; Fri, 19 Mar 2021 17:22:59 +0100 (CET) Received: by dismail.de (OpenSMTPD) with ESMTPSA id a7a1b547 (TLSv1.3:AEAD-AES256-GCM-SHA384:256:NO); Fri, 19 Mar 2021 17:22:58 +0100 (CET) From: Joshua Branson <jbranso@HIDDEN> To: 39136 <at> debbugs.gnu.org Subject: Re: bug#39136: [PATCH] gnu: services: Add endlessh. References: <874kwx91k6.fsf@HIDDEN> <87a6r39ksa.fsf@HIDDEN> Date: Fri, 19 Mar 2021 12:22:40 -0400 In-Reply-To: <87a6r39ksa.fsf@HIDDEN> (Joshua Branson's message of "Tue, 16 Mar 2021 11:32:21 -0400") Message-ID: <87h7l7kt9r.fsf_-_@HIDDEN> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.1 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 39136 Cc: go.wigust@HIDDEN X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: -3.3 (---) Ping for Oleg! Thanks! Joshua P.S. I forget to include your email in the patch series. I know the patch series could be better, but I figured I'd rather submit something rather than nothing. Thanks! -- Joshua Branson (joshuaBPMan in #guix) Sent from Emacs and Gnus https://gnucode.me https://video.hardlimit.com/accounts/joshua_branson/video-channels https://propernaming.org "You can have whatever you want, as long as you help enough other people get what they want." - Zig Ziglar
guix-patches@HIDDEN:bug#39136; Package guix-patches.
Full text available.Received: (at 39136) by debbugs.gnu.org; 16 Mar 2021 15:42:47 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Tue Mar 16 11:42:47 2021 Received: from localhost ([127.0.0.1]:40786 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1lMBqI-00021e-Th for submit <at> debbugs.gnu.org; Tue, 16 Mar 2021 11:42:47 -0400 Received: from mx1.dismail.de ([78.46.223.134]:26741) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <jbranso@HIDDEN>) id 1lMBqH-00021P-26 for 39136 <at> debbugs.gnu.org; Tue, 16 Mar 2021 11:42:45 -0400 Received: from mx1.dismail.de (localhost [127.0.0.1]) by mx1.dismail.de (OpenSMTPD) with ESMTP id 8c426939; Tue, 16 Mar 2021 16:42:38 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed; d=dismail.de; h=date :message-id:from:to:cc:subject; s=20190914; bh=zelpc1C1M/koxQEXk +Roj/oRRZjWoddSC4CWJif1Ego=; b=l445TLAJ3ai5chRTcEKXelINRraad/uy+ h9B8rgRFPSJDu0SHW1A5jsYbirbD50GSXKI1kAS74wE003k7qA/XfcPV4WjYWv3x BhbZmR2XjfgMI4A5U7AS3hjU99U+U52GlPx5kS4XI4V6Qlim13ztKSjpZ9RyS9Sa sV0h50AfgDwOE0TQJvpeX4k1vuIhvilgY/Rkq+t4NaJNeGDtKosR04RZvV6icXsg o3HfHeiOlpl2lU1Di3VWQnuUJtAjtxgT0J7tKMWvexmZ0qV2vevOHX8FrXbuqBUe ViPgzTDe787C6qzWJuVQqwyT+y1px77yWtDzVCc47yoZgShnwBSJg== Received: from smtp2.dismail.de (<unknown> [10.240.26.12]) by mx1.dismail.de (OpenSMTPD) with ESMTP id 87bf9ff5; Tue, 16 Mar 2021 16:42:38 +0100 (CET) Received: from smtp2.dismail.de (localhost [127.0.0.1]) by smtp2.dismail.de (OpenSMTPD) with ESMTP id 75f310ae; Tue, 16 Mar 2021 16:42:38 +0100 (CET) Received: by dismail.de (OpenSMTPD) with ESMTPSA id 5386d147 (TLSv1.3:AEAD-AES256-GCM-SHA384:256:NO); Tue, 16 Mar 2021 16:42:37 +0100 (CET) Date: Tue, 16 Mar 2021 11:42:18 -0400 Message-Id: <878s6n9kbp.fsf@HIDDEN> From: Joshua Branson <jbranso@HIDDEN> To: 39136 <at> debbugs.gnu.org Subject: issues.guix.org not showing patch series? X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 39136 Cc: bug-guix@HIDDEN X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: -3.3 (---) Hello! I just submitted a patch series for an endlessh service! However, issues.guix.gnu.org/39136 does not properly show the patch series. :( Maybe I just submitted the patch series incorrectly. :) You can see the patch series here: https://lists.gnu.org/archive/html/guix-patches/2021-03/msg00672.html And via M-x debbugs-gnu-bugs RET 39136 RET I'm not certain what the issue is... This is the command that I used to send the patch series. #+BEGIN_SRC sh git send-email --to=39136 <at> debbugs.gnu.org HEAD~2 #+END_SRC Thanks! Your friend, Joshua
guix-patches@HIDDEN:bug#39136; Package guix-patches.
Full text available.Received: (at 39136) by debbugs.gnu.org; 16 Mar 2021 15:32:50 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Tue Mar 16 11:32:50 2021 Received: from localhost ([127.0.0.1]:40762 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1lMBgg-0001k9-FO for submit <at> debbugs.gnu.org; Tue, 16 Mar 2021 11:32:50 -0400 Received: from mx1.dismail.de ([78.46.223.134]:15951) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <jbranso@HIDDEN>) id 1lMBgf-0001js-5h for 39136 <at> debbugs.gnu.org; Tue, 16 Mar 2021 11:32:50 -0400 Received: from mx1.dismail.de (localhost [127.0.0.1]) by mx1.dismail.de (OpenSMTPD) with ESMTP id 6a7a8599 for <39136 <at> debbugs.gnu.org>; Tue, 16 Mar 2021 16:32:41 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed; d=dismail.de; h=date :message-id:from:to:subject; s=20190914; bh=Od5ECtnalWwbRzVygkza bg6EEc6xgKcKA0/qTxYScpY=; b=az8nCDmYkBuEZgBT/03kQgjHWOeQG77pB9cC PXGe6VvaB+RJfZUNAX1XDMVlibXzsuSpwQRZEjYoAW1TfuxHfevikOiifhK99kV7 sKRyGp3OQOtc6n13QVO5EbDHXEslzExSPTZ9wAeTAcDCdgmH6W2WBx2Mj6XlEuCF N+6wc+CVg+yeUh0FIHQLpKxzUTzzEjJOFMC3S0D/di8n+cqdfCja5cSjFrDS0Mhx Fk8nPDWMHuwHGOj9QWniZpX8xTgFwvgmAndHn4PKC5JATIPLLHCmNy+sgd1e4juy oO6AWdnWWRyeckIvTgfzyds99zXP1ks/DjfuqXIWJ37AntYSyg== Received: from smtp2.dismail.de (<unknown> [10.240.26.12]) by mx1.dismail.de (OpenSMTPD) with ESMTP id 69d59fc6 for <39136 <at> debbugs.gnu.org>; Tue, 16 Mar 2021 16:32:41 +0100 (CET) Received: from smtp2.dismail.de (localhost [127.0.0.1]) by smtp2.dismail.de (OpenSMTPD) with ESMTP id 7d26d748 for <39136 <at> debbugs.gnu.org>; Tue, 16 Mar 2021 16:32:41 +0100 (CET) Received: by dismail.de (OpenSMTPD) with ESMTPSA id c4b0a7e4 (TLSv1.3:AEAD-AES256-GCM-SHA384:256:NO) for <39136 <at> debbugs.gnu.org>; Tue, 16 Mar 2021 16:32:40 +0100 (CET) Date: Tue, 16 Mar 2021 11:32:21 -0400 Message-Id: <87a6r39ksa.fsf@HIDDEN> From: Joshua Branson <jbranso@HIDDEN> To: 39136 <at> debbugs.gnu.org Subject: My endlessh patch series X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 39136 X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: -3.3 (---) So I've been working on this endlessh service for a while. I believe it could be better, but perfectionist can only do one thing perfectly: nothing. So I've submitted the above patch series. Let me know if it needs more work. At the moment, I believe that endlessh runs as root. It would be nice to let it run as user nobody or something like that. The endlessh systemd file provides an example of how to do that: https://github.com/skeeto/endlessh/blob/master/util/endlessh.service ## If you want Endlessh to bind on ports < 1024 ## 1) run: ## setcap 'cap_net_bind_service=+ep' /usr/local/bin/endlessh ## 2) uncomment following line #AmbientCapabilities=CAP_NET_BIND_SERVICE ## 3) comment following line PrivateUsers=true Though setcap 'cap_net_bind_service=+ep' is linux specific. And I'm not certain if guix has a method for running setcap on items in the store. Those are just some relevant thoughts for improving the service! Thanks!
guix-patches@HIDDEN:bug#39136; Package guix-patches.
Full text available.
Received: (at 39136) by debbugs.gnu.org; 15 Mar 2021 16:30:45 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Mon Mar 15 12:30:45 2021
Received: from localhost ([127.0.0.1]:36593 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1lLq7B-0008De-5E
for submit <at> debbugs.gnu.org; Mon, 15 Mar 2021 12:30:45 -0400
Received: from mx1.dismail.de ([78.46.223.134]:14705)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <jbranso@HIDDEN>) id 1lLq76-0008D7-CA
for 39136 <at> debbugs.gnu.org; Mon, 15 Mar 2021 12:30:41 -0400
Received: from mx1.dismail.de (localhost [127.0.0.1])
by mx1.dismail.de (OpenSMTPD) with ESMTP id 08a985c3
for <39136 <at> debbugs.gnu.org>; Mon, 15 Mar 2021 17:30:36 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed; d=dismail.de; h=from:to:cc
:subject:date:message-id:in-reply-to:references:mime-version
:content-type:content-transfer-encoding; s=20190914; bh=ZWnA8cQE
D15FcgVm4lkvQLCmzwjnpqoa8fb8XZivybU=; b=moGS8EXHaefYkXYle203v+5D
pxSXz1VToRQeNsO4FIjgeKRcx/2UfTuJtzbKN1vTpJIm8LWkG89njMZAJTmmQg8X
zyYXeWHE5PHlVhnS+RJ6NDWvOiKg2x8AKVnhIpO/L+/2LsfLyxEQ3Kx1u3c+Bmyf
nTZiaTaTa/C1bjvL6AAqsuJTjmbjVDYW56q9ur3st3Xy/IjkLHijsmFNbqmww8w6
UkiMr5J6K/bY7UISYUfvViTxZyvfCBBf2WLhVvcvpupoASZ/HPHcdRdYa2IvcEag
O65NtaovmkR5ujaXTVjeS339kGvdujQs8QEJtXZtGXlZAJt2YnlIUGEO/jbp3Q==
Received: from smtp2.dismail.de (<unknown> [10.240.26.12])
by mx1.dismail.de (OpenSMTPD) with ESMTP id 6c8dfcae
for <39136 <at> debbugs.gnu.org>; Mon, 15 Mar 2021 17:30:35 +0100 (CET)
Received: from smtp2.dismail.de (localhost [127.0.0.1])
by smtp2.dismail.de (OpenSMTPD) with ESMTP id 186989a5
for <39136 <at> debbugs.gnu.org>; Mon, 15 Mar 2021 17:30:35 +0100 (CET)
Received: by dismail.de (OpenSMTPD) with ESMTPSA id 84cc5fa7
(TLSv1.3:AEAD-AES256-GCM-SHA384:256:NO);
Mon, 15 Mar 2021 17:30:34 +0100 (CET)
From: Joshua Branson <jbranso@HIDDEN>
To: 39136 <at> debbugs.gnu.org
Subject: [PATCH 2/2] services: containerized endlessh
Date: Mon, 15 Mar 2021 12:29:49 -0400
Message-Id: <20210315162949.17092-2-jbranso@HIDDEN>
X-Mailer: git-send-email 2.30.0
In-Reply-To: <20210315162949.17092-1-jbranso@HIDDEN>
References: <20210315162949.17092-1-jbranso@HIDDEN>
MIME-Version: 1.0
Content-Type: text/plain; charset=y
Content-Transfer-Encoding: 8bit
X-Spam-Score: -0.3 (/)
X-Debbugs-Envelope-To: 39136
Cc: Joshua Branson <jbranso@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.3 (-)
doc: endlessh service documentation.
* doc/guix.texi (Networking Services): New endlessh-service-type section.
services: containerized endlessh
* gnu/services/ssh.scm (endlessh-config->conf): make-forkexec-contructor ->
make-forkexec-constructor/container. and attempted to enable logging to syslog.
(define-record-type* <endlessh-configuration>)
move default values of endlessh configuration to separate line.
Add copyright line for Nicolo.
---
doc/guix.texi | 60 ++++++++++++++++++++++++++++++++++++++++++++
gnu/services/ssh.scm | 35 ++++++++++++++++++--------
2 files changed, 85 insertions(+), 10 deletions(-)
diff --git a/doc/guix.texi b/doc/guix.texi
index 464c1141d8..38807b3069 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -17081,6 +17081,66 @@ may cause undefined behaviour.
@end table
@end deftp
+@cindex Endlessh
+@deffn {Scheme Variable} endlessh-service-type
+This is the type for the @uref{https://github.com/skeeto/endlessh,
+Endlessh} program that delays ssh clients for days at a time by
+@emph{very slowly} sending a random and endless SSH banner. The smart
+hacker will put endlessh running on port 22, and let crackers get stuck
+in this tarpit. This lets your real ssh server run more securely on a
+non-standard port.
+
+For example:
+
+@lisp
+(service endlessh-service-type
+ (endlessh-configuration
+ (port-number 22)))
+@end lisp
+
+@end deffn
+
+@deftp {Data Type} endlessh-configuration
+Data type representing the configuration for @code{endlessh-service}.
+@table @asis
+@item @code{package} (default: @var{endlessh})
+@code{endlessh} package to use.
+
+@item @code{bind-family} (default: @code{'(ipv4 ipv6)})
+This specifies if endlessh should use ipv4 and/or ipv6.
+
+@item @code{delay} (default: @code{10000})
+The endless banner is sent one line at a time. This is the delay
+in milliseconds between individual lines.
+
+@item @code{length} (default: @code{32})
+The length of each line is randomized. This controls the maximum length
+of each line. Shorter lines may keep clients on for longer if they give
+up after a certain number of bytes.
+
+@item @code{max-clients} (default: @code{4096})
+Maximum number of connections to accept at a time. Connections beyond
+this are not immediately rejected, but will wait in the queue.
+
+@item @code{port-number} (default: @code{2222})
+The port on which to listen for new SSH connections. Most users who
+want to use endlessh as intended should set this port number to
+@code{22}.
+
+@item @code{log-level} (default: @code{0})
+Set the detail level for the log.
+@table @asis
+@item 0 = Quiet
+@item 1 = Standard, useful log messages
+@item 2 = Very noisy debugging information
+@end table
+
+@item @code{syslog} (default: @code{#f})
+Print diagnostics to syslog instead of standard output
+
+@end table
+@end deftp
+
@cindex WebSSH
@deffn {Scheme Variable} webssh-service-type
This is the type for the @uref{https://webssh.huashengdun.org/, WebSSH}
diff --git a/gnu/services/ssh.scm b/gnu/services/ssh.scm
index aad9bbc754..838655cf2c 100644
--- a/gnu/services/ssh.scm
+++ b/gnu/services/ssh.scm
@@ -6,6 +6,8 @@
;;; Copyright © 2019 Ricardo Wurmus <rekado@HIDDEN>
;;; Copyright © 2020 pinoaffe <pinoaffe@HIDDEN>
;;; Copyright © 2020 Oleg Pykhalov <go.wigust@HIDDEN>
+;;; Copyright © 2020 Nicolò Balzarotti <nicolo@HIDDEN>
+;;; Copyright @ 2021 Joshua Branson <jbranso@HIDDEN>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -752,19 +754,25 @@ object."
endlessh-configuration make-endlessh-configuration
endlessh-configuration?
;; list of two symbols, allowed values are ipv4, ipv6 or both
- (bind-family endlessh-configuration-bind-family (default '(ipv4 ipv6)))
+ (bind-family endlessh-configuration-bind-family
+ (default '(ipv4 ipv6)))
;; integer
- (delay endlessh-configuration-delay (default 10000))
+ (delay endlessh-configuration-delay
+ (default 10000))
;; integer
;; Must be in the range
- (length endlessh-configuration-length (default 32))
+ (length endlessh-configuration-length
+ (default 32))
;; integer
- (max-clients endlessh-configuration-max-clients (default 4096))
+ (max-clients endlessh-configuration-max-clients
+ (default 4096))
;; integer
- (port-number endlessh-configuration-port-number (default 2222))
+ (port-number endlessh-configuration-port-number
+ (default 2222))
;; integer
;; Allowed values are 0, 1 and 2
- (log-level endlessh-configuration-log-level (default 0)))
+ (log-level endlessh-configuration-log-level
+ (default 0)))
(define (endlessh-config->conf config)
"Convert the CONFIG of type <endlessh-config> to a config file."
@@ -797,15 +805,22 @@ object."
(shepherd-service
(documentation "Run endlessh tarpit server.")
(provision '(endlessh))
- (start #~(make-forkexec-constructor
- (list #$(file-append endlessh "/bin/endlessh")
- "-f" #$(endlessh-config->conf config))))
+ (start #~(make-forkexec-constructor/container
+ `(list #$(file-append endlessh "/bin/endlessh")
+ ,(if (positive? (endlessh-configuration-log-level config))
+ "-s"
+ "")
+ "-f" #$(endlessh-config->conf config))))
(stop #~(make-kill-destructor))))
(define endlessh-service-type
(service-type
(name 'endlessh)
- (description "Run endlessh tarpit server.")
+ (description "Endlessh is an SSH tarpit that very slowly sends an endless,
+random SSH banner. It keeps SSH clients locked up for hours or even days at a
+time. The purpose is to put your real SSH server on another port and then let
+the script kiddies get stuck in this tarpit instead of bothering a real
+server.")
(extensions
(list (service-extension shepherd-root-service-type
(compose list endlessh-shepherd-service))))
--
2.30.0
guix-patches@HIDDEN:bug#39136; Package guix-patches.
Full text available.
Received: (at 39136) by debbugs.gnu.org; 15 Mar 2021 16:30:42 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Mon Mar 15 12:30:42 2021
Received: from localhost ([127.0.0.1]:36591 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1lLq77-0008DU-OP
for submit <at> debbugs.gnu.org; Mon, 15 Mar 2021 12:30:42 -0400
Received: from mx1.dismail.de ([78.46.223.134]:14705)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <jbranso@HIDDEN>) id 1lLq75-0008D7-1v
for 39136 <at> debbugs.gnu.org; Mon, 15 Mar 2021 12:30:40 -0400
Received: from mx1.dismail.de (localhost [127.0.0.1])
by mx1.dismail.de (OpenSMTPD) with ESMTP id dff06951;
Mon, 15 Mar 2021 17:30:32 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed; d=dismail.de; h=from:to:cc
:subject:date:message-id:mime-version:content-type
:content-transfer-encoding; s=20190914; bh=Tk6JjC8fyJ1LrzU5iVT/v
CyUXldeLislM8LsuyUE3UA=; b=CJyaMlmNTS4Kx487rc7suLxShh0EaZPztNHZa
2mP86l++eS9RszTH2Qow40aZFpTrSEfNBM3FDfBYfFD8nxOJSPG9s26Zz6S+zunl
6nog3tz3xoe5WBs7wcXFfwVQMlclLVfgB9R2O55CyeYOhufDlLKnoipX78+wc7FT
DIOsZwZvFRDHDtZTimgvK3l2kj/vr6TCDN0otKTvoO57BSwyqNR3Yg3aEi24rHqV
afXOkuHfFA/UFvnU1zEpCnmcGtVXhGDwqb7JXVn0zPR3JaDdvL0dVNUE7SldvsEd
R2moiE+7sz2nXXpLQMHSH2TTEW3hjteGfZzf9MLv9LKc8Mhww==
Received: from smtp2.dismail.de (<unknown> [10.240.26.12])
by mx1.dismail.de (OpenSMTPD) with ESMTP id beebfcd2;
Mon, 15 Mar 2021 17:30:31 +0100 (CET)
Received: from smtp2.dismail.de (localhost [127.0.0.1])
by smtp2.dismail.de (OpenSMTPD) with ESMTP id b8faeee4;
Mon, 15 Mar 2021 17:30:31 +0100 (CET)
Received: by dismail.de (OpenSMTPD) with ESMTPSA id 260a3f7e
(TLSv1.3:AEAD-AES256-GCM-SHA384:256:NO);
Mon, 15 Mar 2021 17:30:30 +0100 (CET)
From: Joshua Branson <jbranso@HIDDEN>
To: 39136 <at> debbugs.gnu.org
Subject: [PATCH 1/2] services: Add endlessh service.
Date: Mon, 15 Mar 2021 12:29:48 -0400
Message-Id: <20210315162949.17092-1-jbranso@HIDDEN>
X-Mailer: git-send-email 2.30.0
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-Spam-Score: -0.3 (/)
X-Debbugs-Envelope-To: 39136
Cc: =?UTF-8?q?Nicol=C3=B2=20Balzarotti?= <nicolo@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.3 (-)
From: Nicolò Balzarotti <nicolo@HIDDEN>
* gnu/services/ssh.scm: Add endlessh service
(<endlessh-configuration>): New record type.
(endlessh-config->conf, endlessh-shepherd-service, endlessh-service-type): New procedures.
---
gnu/services/ssh.scm | 73 ++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 73 insertions(+)
diff --git a/gnu/services/ssh.scm b/gnu/services/ssh.scm
index 1891db0487..aad9bbc754 100644
--- a/gnu/services/ssh.scm
+++ b/gnu/services/ssh.scm
@@ -54,6 +54,10 @@
autossh-configuration?
autossh-service-type
+ endlessh-configuration
+ endlessh-configuration?
+ endlessh-service-type
+
webssh-configuration
webssh-configuration?
webssh-service-type
@@ -739,6 +743,75 @@ object."
autossh-service-activation)))
(default-value (autossh-configuration))))
+
+;;;
+;;; Endlessh.
+;;;
+
+(define-record-type* <endlessh-configuration>
+ endlessh-configuration make-endlessh-configuration
+ endlessh-configuration?
+ ;; list of two symbols, allowed values are ipv4, ipv6 or both
+ (bind-family endlessh-configuration-bind-family (default '(ipv4 ipv6)))
+ ;; integer
+ (delay endlessh-configuration-delay (default 10000))
+ ;; integer
+ ;; Must be in the range
+ (length endlessh-configuration-length (default 32))
+ ;; integer
+ (max-clients endlessh-configuration-max-clients (default 4096))
+ ;; integer
+ (port-number endlessh-configuration-port-number (default 2222))
+ ;; integer
+ ;; Allowed values are 0, 1 and 2
+ (log-level endlessh-configuration-log-level (default 0)))
+
+(define (endlessh-config->conf config)
+ "Convert the CONFIG of type <endlessh-config> to a config file."
+ (let* ((family (endlessh-configuration-bind-family config))
+ (ipv4 (member 'ipv4 family))
+ (ipv6 (member 'ipv6 family))
+ (port (endlessh-configuration-port-number config))
+ (delay (endlessh-configuration-delay config))
+ (length (endlessh-configuration-length config))
+ (log-level (endlessh-configuration-log-level config))
+ (max-clients (endlessh-configuration-max-clients config))
+ (bind
+ ;; check if both are true (0), or only one of them is present
+ (if (not (and (equal? ipv4 ipv6) ipv4))
+ (if ipv4 4
+ (if ipv6 6
+ (throw 'endlessh-error
+ "bind-family must contain at least one value")))
+ 0)))
+ (mixed-text-file "endlessh.conf"
+ "# Generated by 'endlessh-config'.\n\n"
+ "Port " (number->string port) "\n"
+ "Delay " (number->string delay) "\n"
+ "MaxLineLength " (number->string length) "\n"
+ "MaxClients " (number->string max-clients) "\n"
+ "LogLevel " (number->string log-level) "\n"
+ "BindFamily " (number->string bind) "\n")))
+
+(define (endlessh-shepherd-service config)
+ (shepherd-service
+ (documentation "Run endlessh tarpit server.")
+ (provision '(endlessh))
+ (start #~(make-forkexec-constructor
+ (list #$(file-append endlessh "/bin/endlessh")
+ "-f" #$(endlessh-config->conf config))))
+ (stop #~(make-kill-destructor))))
+
+(define endlessh-service-type
+ (service-type
+ (name 'endlessh)
+ (description "Run endlessh tarpit server.")
+ (extensions
+ (list (service-extension shepherd-root-service-type
+ (compose list endlessh-shepherd-service))))
+ (default-value (endlessh-configuration))))
+
+
;;;
;;; WebSSH
--
2.30.0
guix-patches@HIDDEN:bug#39136; Package guix-patches.
Full text available.Received: (at 39136) by debbugs.gnu.org; 25 Jul 2020 20:08:55 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Sat Jul 25 16:08:55 2020 Received: from localhost ([127.0.0.1]:51223 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1jzQTX-0002Is-6K for submit <at> debbugs.gnu.org; Sat, 25 Jul 2020 16:08:55 -0400 Received: from mail-lj1-f169.google.com ([209.85.208.169]:35362) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <go.wigust@HIDDEN>) id 1jzQTV-0002IX-Pw for 39136 <at> debbugs.gnu.org; Sat, 25 Jul 2020 16:08:54 -0400 Received: by mail-lj1-f169.google.com with SMTP id q4so13337927lji.2 for <39136 <at> debbugs.gnu.org>; Sat, 25 Jul 2020 13:08:53 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:references:date:in-reply-to:message-id :user-agent:mime-version; bh=YlsGf/6tUQEbCjhz+rRJY6MsIxTjTcrGPc8aDV9CTVo=; b=V4TqgogwNu5maVvz/ohf6IwclaBDiEbGdgwWN5AEWc/a6u67ul+XrcOe32F6Vs6wdO 31uMQ1AJmiqEhR27yA3XhIUPGpVtKJot78mvq/pVkAbaZ489Sz/+UnRfW58C/5E4U64E m9yyZSJyyhtlqkrfBsFE8Vv3YvI+d7kSX5KYNAdI5KHxrcy1IW8g9RUF6MteWE+O63AC ODkl7GLx5PLgi7HmLl7u/dZUo1ztM9rplp9s9P4fY9EKKcVC9FA4yTQg6SoHdhdiTz4o 9PYp+RGEjMXk6iUa4OH1UwnluZ1R0hOpYiLNwAnL0zuzi5Rv49am1VfHWF5VIGGgvuHQ Uv/w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:references:date:in-reply-to :message-id:user-agent:mime-version; bh=YlsGf/6tUQEbCjhz+rRJY6MsIxTjTcrGPc8aDV9CTVo=; b=YfIk5YBPaEaXtWtSF9EVjy+5Vye0pJaNTLTAn3D6sFVQTcUAOK2lnQqLEcUyenGcsk cdeNfaH26npNJt38v40Nzz2PLjshO8NqYALPrcN1y8b2fRGXTzoFgeLLasIRIejtIP1S d8RYo1at3C+d5KLXnIiQg0UEzXsgMDF0ztsftuohFE6ncQgpj6owiQVNvy0XDV2C+PmG 4U6TiVHuDr53nQ6Uu0r8uT6Yrz83GhUyLyWpgbfmC9EFVPRvxNYZP3SIYHa5Cead0VBs 4ZaunJ3oVulb/vyU1VgQtYW+OxUcB6w0uY7V0TiRxHyOwDKNjzTd+eJkjBfb11R+LFEA VE8w== X-Gm-Message-State: AOAM533rjCB5KPodzroSFOVrm8BZhVPu1VItp4M+a9f/4GWzUYqA/c65 DECEM0ul8zbvDnJ0e0SbOgoobohw X-Google-Smtp-Source: ABdhPJwl+rNSZErxLfj3AEUSaLAy0fNA80ySiloRVY7hohLJJTrBeGgmb/lUcVhxE9SVBJGkWZDj+g== X-Received: by 2002:a05:651c:1134:: with SMTP id e20mr2066962ljo.40.1595707727552; Sat, 25 Jul 2020 13:08:47 -0700 (PDT) Received: from guixsd (ppp91-122-98-213.pppoe.avangarddsl.ru. [91.122.98.213]) by smtp.gmail.com with ESMTPSA id m26sm211705ljc.129.2020.07.25.13.08.46 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 25 Jul 2020 13:08:46 -0700 (PDT) From: Oleg Pykhalov <go.wigust@HIDDEN> To: anothersms@HIDDEN (=?utf-8?Q?Nicol=C3=B2?= Balzarotti) Subject: Re: [bug#39136] [PATCH] gnu: services: Add endlessh. References: <874kwx91k6.fsf@HIDDEN> Date: Sat, 25 Jul 2020 23:08:44 +0300 In-Reply-To: <874kwx91k6.fsf@HIDDEN> (=?utf-8?Q?=22Nicol=C3=B2?= Balzarotti"'s message of "Tue, 14 Jan 2020 22:21:29 +0100") Message-ID: <87365fl5mb.fsf@HIDDEN> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.3 (gnu/linux) MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" X-Spam-Score: 1.0 (+) X-Debbugs-Envelope-To: 39136 Cc: 39136 <at> debbugs.gnu.org X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: -1.0 (-) --=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Hi, That patch was forgotten for some reason, but we still have a succeeded to build =E2=80=98endlessh=E2=80=99 package which missing a service! :-) anothersms@HIDDEN (Nicol=C3=B2 Balzarotti) writes: > This is my first service :) I know I still miss documentation and tests, > but before diving into it I wanted a general feedback on it (so that if > we decide to change something I don't have to adjust the docs and the > tests twice). Tests are appreciated ;-) > Endlessh is already in the repo, but for those who don't know: it's a > fake ssh server; it should be used to prevent bruteforce attacks and the > like by "freezing" the connection on the standard port (while the real > ssh server is on another non-standard port). So, I don't know if as > default port should be 22 or, as it is now, 2222 (program's default). 2222 is OK. But we need this be documented in =E2=80=98doc/guix.texi=E2=80= =99. Could you take a look on this, please? > My second doubt is regarding the place; it's an ssh server, but its main > purpose is for security? Maybe should go under admin.scm? I'm not sure I think gnu/services/ssh.scm is good. [=E2=80=A6] > +(define-record-type* <endlessh-configuration> > + endlessh-configuration make-endlessh-configuration > + endlessh-configuration? > + ;; list of two symbols, allowed values are ipv4, ipv6 or both > + (bind-family endlessh-configuration-bind-family (default '(ipv4 ipv6))) Please, move =E2=80=98(default =E2=80=A6)=E2=80=99 things on a separate lin= e. [=E2=80=A6] Otherwise LGTM. Could you send an update with a documented service? Thanks, Oleg. --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEcjhxI46s62NFSFhXFn+OpQAa+pwFAl8ckUwACgkQFn+OpQAa +px84Q//cThaNKqntgDxuutVSS1XIFeUFFgpcWmUHtJOnvz+9PxQ1gZDzJY5R9xO GHERkNjoZopFfrt59owcIoBmnickxUembFYKQjssZscedr9prbX6oGjYgN5znKpk xN2lAcS11XsKMecv+M5UJvGvRGsXHcFQJl7nafyyIhlF3qbQmcgUO5r1PfjPSgrU uK8AyEvbdgYYQbvZTrboFPBn/frj+mIQ8HdXwaBtBBHuR8AcYderFCfD9fabWB8G Tb4Qh3dpF3W2FhY8x8FpYxEsZA4RR8YoHAHX8TLcqtRb/7IVscYb78L+TUEs53bs yb2o6RGpTsmRl7Muiw6Q4gGn7fdM9v28lgddILD6OB5dLImlP72YT9V6sTQ/Wev6 WFikCwH5ulrvhREP+cbYQPwV9XxgUj0EuXvd+Ya77ggG6x3Y6WnGRxEwL9Haykqi +HuRkj0k5GB5kWxjpNtmMd6QRV58SXRr7Zq5jrJvbPU+4Xa7joeLUOeKjmJ7PeXN SmGVgmiIKmflxGFI0DrXBP6e88XLwJkRKbeej+t8AlUffe5LXBH0ZS2+I6yhdDtr +uDTPIR2r7RL45CHeyO9E16umSXhyZU0RjhXVQ+lg83wjZgBajU3R4bmNYQQK85P 6ZZjZ6uLaHTSfkzGnD8t3GIusFzbEk11XD/QviSZC2j38pK5SOg= =XbGN -----END PGP SIGNATURE----- --=-=-=--
guix-patches@HIDDEN:bug#39136; Package guix-patches.
Full text available.
Received: (at submit) by debbugs.gnu.org; 14 Jan 2020 21:21:40 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Tue Jan 14 16:21:40 2020
Received: from localhost ([127.0.0.1]:33654 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1irTd5-0006x8-GQ
for submit <at> debbugs.gnu.org; Tue, 14 Jan 2020 16:21:40 -0500
Received: from lists.gnu.org ([209.51.188.17]:48207)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <anothersms@HIDDEN>) id 1irTd3-0006x1-GU
for submit <at> debbugs.gnu.org; Tue, 14 Jan 2020 16:21:38 -0500
Received: from eggs.gnu.org ([2001:470:142:3::10]:49091)
by lists.gnu.org with esmtp (Exim 4.90_1)
(envelope-from <anothersms@HIDDEN>) id 1irTd1-00044c-VB
for guix-patches@HIDDEN; Tue, 14 Jan 2020 16:21:37 -0500
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org
X-Spam-Level:
X-Spam-Status: No, score=0.0 required=5.0 tests=BAYES_40,FREEMAIL_FROM,
URIBL_BLOCKED autolearn=disabled version=3.3.2
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
(envelope-from <anothersms@HIDDEN>) id 1irTd0-0007ZX-7Z
for guix-patches@HIDDEN; Tue, 14 Jan 2020 16:21:35 -0500
Received: from mail-wm1-x335.google.com ([2a00:1450:4864:20::335]:53302)
by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16)
(Exim 4.71) (envelope-from <anothersms@HIDDEN>)
id 1irTcz-0007Yj-VI
for guix-patches@HIDDEN; Tue, 14 Jan 2020 16:21:34 -0500
Received: by mail-wm1-x335.google.com with SMTP id m24so15504159wmc.3
for <guix-patches@HIDDEN>; Tue, 14 Jan 2020 13:21:33 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
h=from:to:subject:date:message-id:mime-version;
bh=YAe21svaacBEdVgUt5LGPvtbT+z75Cr4foKr7hHvhzg=;
b=Eri6ghqtxz1c3IJDokMM5HQz8eIvytLfYgMLoO1l0Xxuche1EvSQ6km/tXgjdn68+n
dieK0MjdUQgpXlP0+SUkzU1bmFbnS1rdR2vMuq3frQ/wKVDplVs68KBn+ZJOp9z98+1s
yK9lUef94Prg4eJei4DHwFxQeeB3GdSo0SRL9nMgmOxq5eQoxO8LYvUqggYPYOeKtK4J
sB18daB2O8xHzi1LU55bmR045YxILtP2TNtZaZRKJ/9Bdij9/XJQkLQGWFiCSfwN3CIl
1humQLGu5oxnIFbPI1MbSM6IlHO6ybAFZxoQBYG2HmVLldrYGnM5dlnvTgfBwqCEsCgB
p/JQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20161025;
h=x-gm-message-state:from:to:subject:date:message-id:mime-version;
bh=YAe21svaacBEdVgUt5LGPvtbT+z75Cr4foKr7hHvhzg=;
b=I1FZTc/9mkK9eG0+U5qW2QakZRbnb352ksaupZD0rx5cRPxHmnDvx3vK8KeoAzItyx
Ix8gKaJHD0SjLlwAs73TYfuX5s3JCjqge3z4bqykxuP8p3Zoy2SwBQ1Zo0+MbNFuf/+i
LHZ6WfrBbew5U4b2H72nX3GJkEk5ZVvHYaASay4EG6jOquq6kTx060QLlj+Sy/VQ6PbD
rFF93lDEv0cQJYI51yzlLw6Z8Mr0t7ZAClDBAydZSdBnk/5ahE+ecSAlC6tOXcx8N9US
G55Y8LSFdHlSoXnQwRpiNSYnieCavRERR3/dnzGryB16xVB95l3/JTmTgYR3ZkaUk85K
HqkQ==
X-Gm-Message-State: APjAAAVPIE4AxYWmtONB9Vedm8IZtWtqoaLGLBydJ7U8lsj1IxJduTbc
PFe1u14XLBGFiaAAecKfInaeRcc4
X-Google-Smtp-Source: APXvYqywVcVDmddYzLVeEd+Ceux2ffMJB+Z0L43Jx7MYr1CoTcaKEmIdP7wc1snXzxB5P2WeWmgxAw==
X-Received: by 2002:a1c:740b:: with SMTP id p11mr31139307wmc.78.1579036891695;
Tue, 14 Jan 2020 13:21:31 -0800 (PST)
Received: from guixSD (host146-19-dynamic.50-79-r.retail.telecomitalia.it.
[79.50.19.146])
by smtp.gmail.com with ESMTPSA id n10sm21160533wrt.14.2020.01.14.13.21.30
for <guix-patches@HIDDEN>
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Tue, 14 Jan 2020 13:21:30 -0800 (PST)
From: anothersms@HIDDEN (=?utf-8?Q?Nicol=C3=B2?= Balzarotti)
To: guix-patches@HIDDEN
Subject: [PATCH] gnu: services: Add endlessh.
Date: Tue, 14 Jan 2020 22:21:29 +0100
Message-ID: <874kwx91k6.fsf@HIDDEN>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="=-=-="
X-detected-operating-system: by eggs.gnu.org: Genre and OS details not
recognized.
X-Received-From: 2a00:1450:4864:20::335
X-Spam-Score: 2.5 (++)
X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org",
has NOT identified this incoming email as spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
the administrator of that system for details.
Content preview: Hello guix! This is my first service :) I know I still miss
documentation and tests, but before diving into it I wanted a general feedback
on it (so that if we decide to change something I don't have to adjust th
[...] Content analysis details: (2.5 points, 10.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was
blocked. See
http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
for more information. [URIs: nixo.xyz]
0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record
1.9 PDS_OTHER_BAD_TLD Untrustworthy TLDs
[URI: nixo.xyz (xyz)]
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail
provider (anothersms[at]gmail.com)
1.0 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail)
-2.3 RCVD_IN_DNSWL_MED RBL: Sender listed at https://www.dnswl.org/,
medium trust [209.51.188.17 listed in list.dnswl.org]
2.0 SPOOFED_FREEMAIL No description available.
X-Debbugs-Envelope-To: submit
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -0.5 (/)
--=-=-=
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Hello guix!
This is my first service :) I know I still miss documentation and tests,
but before diving into it I wanted a general feedback on it (so that if
we decide to change something I don't have to adjust the docs and the
tests twice).
Endlessh is already in the repo, but for those who don't know: it's a
fake ssh server; it should be used to prevent bruteforce attacks and the
like by "freezing" the connection on the standard port (while the real
ssh server is on another non-standard port). So, I don't know if as
default port should be 22 or, as it is now, 2222 (program's default).
My second doubt is regarding the place; it's an ssh server, but its main
purpose is for security? Maybe should go under admin.scm? I'm not sure
Last thing: bind-family as a list of allowed values is a suggetion from
IRC @leoprikler. Thanks for your help there!
Waiting for your feedback,
Nicol=C3=B2
--=-=-=
Content-Type: text/x-patch
Content-Disposition: attachment;
filename=0001-gnu-services-Add-endlessh.patch
From 63f975ec47de8ab951beaac6781327faf06d0cac Mon Sep 17 00:00:00 2001
From: nixo <nicolo@HIDDEN>
Date: Tue, 14 Jan 2020 22:08:15 +0100
Subject: [PATCH] gnu: services: Add endlessh.
* gnu/services/ssh.scm (endlessh): New variable.
---
gnu/services/ssh.scm | 74 +++++++++++++++++++++++++++++++++++++++++++-
1 file changed, 73 insertions(+), 1 deletion(-)
diff --git a/gnu/services/ssh.scm b/gnu/services/ssh.scm
index d2dbb8f80d..d2729fb059 100644
--- a/gnu/services/ssh.scm
+++ b/gnu/services/ssh.scm
@@ -45,7 +45,11 @@
dropbear-configuration
dropbear-configuration?
dropbear-service-type
- dropbear-service))
+ dropbear-service
+
+ endlessh-configuration
+ endlessh-configuration?
+ endlessh-service-type))
;;; Commentary:
;;;
@@ -628,4 +632,72 @@ daemon} with the given @var{config}, a @code{<dropbear-configuration>}
object."
(service dropbear-service-type config))
+
+;;;
+;;; Endlessh.
+;;;
+
+(define-record-type* <endlessh-configuration>
+ endlessh-configuration make-endlessh-configuration
+ endlessh-configuration?
+ ;; list of two symbols, allowed values are ipv4, ipv6 or both
+ (bind-family endlessh-configuration-bind-family (default '(ipv4 ipv6)))
+ ;; integer
+ (delay endlessh-configuration-delay (default 10000))
+ ;; integer
+ ;; Must be in the range
+ (length endlessh-configuration-length (default 32))
+ ;; integer
+ (max-clients endlessh-configuration-max-clients (default 4096))
+ ;; integer
+ (port-number endlessh-configuration-port-number (default 2222))
+ ;; integer
+ ;; Allowed values are 0, 1 and 2
+ (log-level endlessh-configuration-log-level (default 0)))
+
+(define (endlessh-config->conf config)
+ "Convert the CONFIG of type <endlessh-config> to a config file."
+ (let* ((family (endlessh-configuration-bind-family config))
+ (ipv4 (member 'ipv4 family))
+ (ipv6 (member 'ipv6 family))
+ (port (endlessh-configuration-port-number config))
+ (delay (endlessh-configuration-delay config))
+ (length (endlessh-configuration-length config))
+ (log-level (endlessh-configuration-log-level config))
+ (max-clients (endlessh-configuration-max-clients config))
+ (bind
+ ;; check if both are true (0), or only one of them is present
+ (if (not (and (equal? ipv4 ipv6) ipv4))
+ (if ipv4 4
+ (if ipv6 6
+ (throw 'endlessh-error
+ "bind-family must contain at least one value")))
+ 0)))
+ (mixed-text-file "endlessh.conf"
+ "# Generated by 'endlessh-config'.\n\n"
+ "Port " (number->string port) "\n"
+ "Delay " (number->string delay) "\n"
+ "MaxLineLength " (number->string length) "\n"
+ "MaxClients " (number->string max-clients) "\n"
+ "LogLevel " (number->string log-level) "\n"
+ "BindFamily " (number->string bind) "\n")))
+
+(define (endlessh-shepherd-service config)
+ (shepherd-service
+ (documentation "Run endlessh tarpit server.")
+ (provision '(endlessh))
+ (start #~(make-forkexec-constructor
+ (list #$(file-append endlessh "/bin/endlessh")
+ "-f" #$(endlessh-config->conf config))))
+ (stop #~(make-kill-destructor))))
+
+(define endlessh-service-type
+ (service-type
+ (name 'endlessh)
+ (description "Run endlessh tarpit server.")
+ (extensions
+ (list (service-extension shepherd-root-service-type
+ (compose list endlessh-shepherd-service))))
+ (default-value (endlessh-configuration))))
+
;;; ssh.scm ends here
--
2.24.1
--=-=-=--
anothersms@HIDDEN (Nicolò Balzarotti):guix-patches@HIDDEN.
Full text available.guix-patches@HIDDEN:bug#39136; Package guix-patches.
Full text available.
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997 nCipher Corporation Ltd,
1994-97 Ian Jackson.