GNU bug report logs - #46851
[PATCH] services: Add endlessh service.
Report forwarded to guix-patches <at> gnu.org: bug#46851; Package guix-patches. (Mon, 01 Mar 2021 15:30:02 GMT)
Acknowledgement sent to Joshua Branson <jbranso <at> dismail.de>: New bug report received and forwarded. Copy sent to guix-patches <at> gnu.org. (Mon, 01 Mar 2021 15:30:02 GMT)
Message #5 received at submit <at> debbugs.gnu.org:
* gnu/services/ssh.scm: Add endlessh service
(<endlessh-configuration>): New record type.
(%default-endlessh): New variable.
(endlessh-shepherd-service, endlessh-service-type): New procedures.
doc: doc/guix.texi (Networking Services): New endlessh-service-type section.
---
doc/guix.texi | 24 ++++++++++++
gnu/services/ssh.scm | 90 +++++++++++++++++++++++++++++++++++++++++++-
2 files changed, 113 insertions(+), 1 deletion(-)
diff --git a/doc/guix.texi b/doc/guix.texi
index 27083f1ae6..bd6dbe5944 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -17081,6 +17081,30 @@ may cause undefined behaviour.
@end table
@end deftp
+@cindex Endlessh
+@deffn {Scheme Variable} endlessh-service-type
+This is the type for the @uref{https://github.com/skeeto/endlessh,
+Endlessh} program that delays ssh clients for days at a time by
+@emph{very slowly} sending a random and endless SSH banner. The smart
+hacker will put endlessh running on port 22, and let crackers get stuck
+in this tarpit. This lets your real ssh server run more securely on a
+non-standard port.
+
+@end deffn
+
+@deftp {Data Type} endlessh-configuration
+Data type representing the configuration for @code{endlessh-service}.
+@table @asis
+@item @code{package} (default: @var{endlessh})
+@code{endlessh} package to use.
+
+@item @code{config-file} (default: @var{"%default-endlessh-config-file"})
+The config file that endlessh should use.
+
+@end table
+@end deftp
+
+
@cindex WebSSH
@deffn {Scheme Variable} webssh-service-type
This is the type for the @uref{https://webssh.huashengdun.org/, WebSSH}
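Review bot: the documentation in this hunk names the wrong things and omits the one operational fact a user needs. The `@deftp` text says the record configures `@code{endlessh-service}`, but the variable being documented is `endlessh-service-type`; and the `config-file` default is written `@var{"%default-endlessh-config-file"}`, a variable name wrapped in string quotes, so drop the quotes and make it match whatever name `ssh.scm` actually exports. More importantly, the shipped default configuration listens on `Port 22`, the same port the OpenSSH service uses by default, so a system that enables both with defaults has two daemons contending for one port; the paragraph recommends exactly that deployment, so it should say that the real SSH server must be moved to another port first. The `@table` also gives no hint of what `config-file` may contain; listing the keys present in the default file (`Port`, `Delay`, `MaxLineLength`, `MaxClients`, `LogLevel`, `BindFamily`) would make the option usable without reading the source. Finally, the stray blank line before `@end deffn` and the doubled blank line before `@cindex WebSSH` should go.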
diff --git a/gnu/services/ssh.scm b/gnu/services/ssh.scm
index 1891db0487..3f77627ae3 100644
--- a/gnu/services/ssh.scm
+++ b/gnu/services/ssh.scm
@@ -1,11 +1,12 @@
;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2014, 2015, 2016, 2017, 2018, 2019 Ludovic Courtès <ludo <at> gnu.org>
+;;; Copyright © 2014, 2015, 2016, 2017, 2018, 2019, 2021 Ludovic Courtès <ludo <at> gnu.org>
;;; Copyright © 2016 David Craven <david <at> craven.ch>
;;; Copyright © 2016 Julien Lepiller <julien <at> lepiller.eu>
;;; Copyright © 2017 Clément Lassieur <clement <at> lassieur.org>
;;; Copyright © 2019 Ricardo Wurmus <rekado <at> elephly.net>
;;; Copyright © 2020 pinoaffe <pinoaffe <at> airmail.cc>
;;; Copyright © 2020 Oleg Pykhalov <go.wigust <at> gmail.com>
+;;; Copyright © 2021 Joshua Branson <jbranso <at> dismail.de>
;;;
;;; This file is part of GNU Guix.
;;;
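Review bot: the first change in this hunk adds 2021 to Ludovic Courtès's copyright line, yet nothing in this patch is his contribution; a contributor should extend only their own line, so revert that edit and keep just the new `Copyright © 2021 Joshua Branson` line.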
@@ -54,6 +55,11 @@
autossh-configuration?
autossh-service-type
+ endlessh-configuration
+ endlessh-configuration?
+ endlessh-service-type
+ %default-endlessh
+
webssh-configuration
webssh-configuration?
webssh-service-type
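Review bot: the export list adds `%default-endlessh`, but the variable defined later in this patch is `%default-endlessh-config-file`; exporting a name that is never defined makes the module fail to load with an unbound-variable error, so rename the export to `%default-endlessh-config-file` (or rename the definition to match). The added `+` line after it is blank apart from indentation; drop the trailing whitespace.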
@@ -739,6 +745,88 @@ object."
autossh-service-activation)))
(default-value (autossh-configuration))))
+
+;;;
+;;; Endlessh
+;;;
+
+(define-record-type* <endlessh-configuration>
+ endlessh-configuration make-endlessh-configuration
+ endlessh-configuration?
+ (package endlessh-configuration-package
+ (default endlessh))
+ (config-file endlessh-configuration-config-file
+ (default %default-endlessh-config-file)))
+
+(define %default-endlessh-config-file
+ (plain-file "endlessh.conf"
+ "# The port on which to listen for new SSH connections.
+Port 22
+
+# The endless banner is sent one line at a time. This is the delay
+# in milliseconds between individual lines.
+Delay 10000
+
+# The length of each line is randomized. This controls the maximum
+# length of each line. Shorter lines may keep clients on for longer if
+# they give up after a certain number of bytes.
+MaxLineLength 32
+
+# Maximum number of connections to accept at a time. Connections beyond
+# this are not immediately rejected, but will wait in the queue.
+MaxClients 4096
+
+# Set the detail level for the log.
+# 0 = Quiet
+# 1 = Standard, useful log messages
+# 2 = Very noisy debugging information
+LogLevel 0
+
+# Set the family of the listening socket
+# 0 = Use IPv4 Mapped IPv6 (Both v4 and v6, default)
+# 4 = Use IPv4 only
+# 6 = Use IPv6 only
+BindFamily 0"))
+
+(define endlessh-shepherd-service
+ (match-lambda
+ (($ <endlessh-configuration> package config-file)
+ (with-imported-modules (source-module-closure
+ '((gnu build shepherd)
+ ;; TODO add optional logging
+ ;;(gnu system file-systems)
+ ))
+ (list (shepherd-service
+ (documentation "Run the endlessh daemon.")
+ (provision '(endlessh))
+ (requirement '(networking))
+ (modules '((gnu build shepherd)
+ ;; TODO add optional logging
+ ;;(gnu system file-systems)
+ ))
+ (start #~(make-forkexec-constructor/container
+ (list #$(file-append package "/bin/endlessh")
+ "-f" #$config-file)
+ ;; TODO add optional logging
+ ;; #:mappings (list (file-system-mapping
+ ;; (source "/dev/log") ;for syslog
+ ;; (target source)))
+ ))
+ (stop #~(make-kill-destructor))))))))
+
+(define endlessh-service-type
+ (service-type
+ (name 'endlessh)
+ (description "Endlessh is an SSH tarpit that very slowly sends an endless,
+random SSH banner. It keeps SSH clients locked up for hours or even days at a
+time. The purpose is to put your real SSH server on another port and then let
+the script kiddies get stuck in this tarpit instead of bothering a real
+server.")
+ (extensions
+ (list (service-extension
+ shepherd-root-service-type endlessh-shepherd-service)))
+ (default-value (endlessh-configuration))))
+
;;;
;;; WebSSH
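Review bot: `make-forkexec-constructor/container` in the `start` gexp is called without `#:user` or `#:group`, so a daemon whose whole purpose is to hold open connections from arbitrary untrusted clients on port 22 runs as root, with only the container mount namespace between it and the host; give it a dedicated unprivileged account via `account-service-type` and pass `#:user`/`#:group`, which then requires either a listening port above 1024 or `CAP_NET_BIND_SERVICE` on the binary. Further points in this hunk: the commented-out `TODO add optional logging` blocks appear three times and should be implemented or removed before merge; `(gnu build shepherd)` is imported in both `with-imported-modules` and `modules` but nothing in the `start` gexp uses it; `%default-endlessh-config-file` is used as a record default before it is defined, so move the `define` above the record type rather than rely on the default being evaluated lazily; the `package` default `endlessh` needs the module defining that package to be `#:use-module`d in `ssh.scm`, which this diff does not show; and `MaxClients 4096` in the default file can exceed the usual 1024 open-file soft limit, so either lower it or document raising the limit. The `description` should also be trimmed to a neutral sentence or two, as the "script kiddies" wording does not match the register of the other service descriptions.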
--
2.30.0
Information forwarded to guix-patches <at> gnu.org: bug#46851; Package guix-patches. (Mon, 01 Mar 2021 15:41:02 GMT)
Message #8 received at submit <at> debbugs.gnu.org:
Hi,
would you mind taking a look at bug#39136 ?
Having all params defined in scheme instead of in a file is maybe better
Thanks, Nicolò
Information forwarded to guix-patches <at> gnu.org: bug#46851; Package guix-patches. (Mon, 01 Mar 2021 17:38:02 GMT)
Message #14 received at 46851 <at> debbugs.gnu.org:
Thanks for pointing this out! I'd be happy to try to use params and/or a config file.
I'll go ahead and try to send a new patch at bug 39136.
Thanks!
March 1, 2021 10:40 AM, "Nicolò Balzarotti" <anothersms <at> gmail.com> wrote:
> Hi,
> would you mind taking a look at bug#39136 ?
>
> Having all params defined in scheme instead of in a file is maybe better
>
> Thanks, Nicolò
Information forwarded to guix-patches <at> gnu.org: bug#46851; Package guix-patches. (Mon, 01 Mar 2021 17:40:02 GMT)
Message #17 received at submit <at> debbugs.gnu.org:
merge 46851 39136
Reply sent to jbranso <at> dismail.de: You have taken responsibility. (Mon, 08 Mar 2021 20:05:01 GMT)
Notification sent to Joshua Branson <jbranso <at> dismail.de>: bug acknowledged by developer. (Mon, 08 Mar 2021 20:05:02 GMT)
Message #25 received at 46851-done <at> debbugs.gnu.org:
bug archived. Request was from Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> debbugs.gnu.org. (Tue, 06 Apr 2021 11:24:05 GMT)
This bug report was last modified 3 years and 14 days ago.
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.