How to set up an SSH tar pit in Ubuntu Server 20.04

Jack Wallen shows you how to add an SSH tarpit to Ubuntu Server using endlessh.


In your never-ending quest to protect your Linux servers, you have probably found that many security breaches come in over SSH. No matter how well you secure it, it can still be cracked. Because of this, you may want to set up a tarpit for this service.

Essentially, a tarpit listens on the standard SSH port, and when an attacker tries to connect to that port, their client gets stuck in an endless loop. This is how endlessh works: it slowly sends an endless SSH banner, one random line at a time, so the client keeps waiting for a version string that never arrives. Install it, configure it for port 22, and the script kiddies end up in a tar pit they cannot escape.

I’m going to show you how to do just that.


What you will need

I’ll demonstrate how this is done on Ubuntu Server 20.04, although endlessh can be installed on most Linux servers. You’ll need a running instance of Ubuntu Server and a user with sudo privileges.

How to install endlessh

Although you can install endlessh from the standard repositories, we do not want that version, as it does not include the required systemd service file. Instead, clone endlessh from its GitHub repository with the command:

git clone https://github.com/skeeto/endlessh

Before we go any further, you will likely need to install the tools necessary to build endlessh with the command:

sudo apt-get install build-essential -y

As soon as this is installed, switch to the newly created directory with the command:

cd endlessh

Compile endlessh with the command:

make

Install endlessh with the command:

sudo make install

After running the make install command, you need to copy the systemd service file with:

sudo cp util/endlessh.service /etc/systemd/system

How to configure endlessh

Out of the box, endlessh can only bind to ports above 1024, but we want to run the tool on the standard SSH port. To do this, you need to make a change in the systemd service file. Issue the command:

sudo nano /etc/systemd/system/endlessh.service

In this file, uncomment the following line (remove the # sign):

#AmbientCapabilities=CAP_NET_BIND_SERVICE

We then need to comment out the following (add a # sign at the beginning of the line):

PrivateUsers=true

Save and close the file.

Next, run the command:

sudo setcap 'cap_net_bind_service=+ep' /usr/local/bin/endlessh

Next, open the endlessh configuration file with the command:

sudo nano /etc/endlessh/config

You should change the port from 2222 to 22. If you find that there is nothing in this file, paste the following:

# The port on which to listen for new SSH connections.
Port 22

# The endless banner is sent one line at a time. This is the delay
# in milliseconds between individual lines.
Delay 10000

# The length of each line is randomized. This controls the maximum
# length of each line. Shorter lines may keep clients on for longer if
# they give up after a certain number of bytes.
MaxLineLength 32

# Maximum number of connections to accept at a time. Connections beyond
# these are not immediately rejected but will wait in the queue.
MaxClients 4096

# Set the detail level for the log.
# 0 = Quiet
# 1 = Standard, useful log messages
# 2 = Very noisy debugging information
LogLevel 0

# Set the family of the listening socket
# 0 = Use IPv4 Mapped IPv6 (Both v4 and v6, default)
# 4 = Use IPv4 only
# 6 = Use IPv6 only
BindFamily 0

Save and close the file.

How to configure SSH

Now we need to configure SSH to use a port other than 22. Open the daemon configuration file with the command:

sudo nano /etc/ssh/sshd_config

In this file, change:

Port 22

To:

Port 26

Save and close the file.

We now need to restart the server for the endlessh changes to take effect. After the server comes back up, log in again and start and enable the endlessh service with the commands:

sudo systemctl start endlessh
sudo systemctl enable endlessh

How to test endlessh

Open a terminal on another computer and try to log into the endlessh server with the command:

ssh USER@SERVER -v

USER is a valid user on the remote server and SERVER is the IP address of the server. You should see random lines, indicating that you are in the endlessh tar pit (Figure A). Press Ctrl + c to exit the loop.

Figure A: Random lines mean that endlessh is doing its job.

Congratulations, you’ve set up your first tarpit on a Linux server. Remember, from now on you log into this server over SSH with:

ssh USER@SERVER -p 26

USER is a valid user on the remote server and SERVER is the IP address of the server.
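The edits above (unit file, endlessh config, sshd port) can be scripted and checked rather than made by hand in nano. The following is an added example, not code from the article or from the endlessh project; it assumes GNU sed as found on Ubuntu, takes file paths as arguments so you can try it on copies first, and includes a small probe that tells a real sshd greeting from a tarpit line.

```shell
# Added example, not from the article: script the unit-file, endlessh-config
# and sshd_config edits described above so they are repeatable and checkable,
# then classify what answers on a port. Paths are passed as arguments so the
# functions can be tried on copies. Assumes GNU sed (Ubuntu); LogLevel is 1
# here (the article uses 0) so tarpitted connections are actually logged.

# Uncomment AmbientCapabilities and comment out PrivateUsers in a unit file.
patch_endlessh_unit() {
    sed -i -e 's/^#\(AmbientCapabilities=CAP_NET_BIND_SERVICE\)/\1/' \
           -e 's/^PrivateUsers=true/#PrivateUsers=true/' "$1"
}

# Both edits present: AmbientCapabilities active, PrivateUsers disabled.
unit_is_patched() {
    grep -q '^AmbientCapabilities=CAP_NET_BIND_SERVICE$' "$1" &&
        ! grep -q '^PrivateUsers=true' "$1"
}

# Write the endlessh config with the tarpit listening on port $2.
write_endlessh_config() {
    printf 'Port %s\nDelay 10000\nMaxLineLength 32\nMaxClients 4096\nLogLevel 1\nBindFamily 0\n' \
        "$2" > "$1"
}

# Move sshd to port $2. Ubuntu ships the line commented as "#Port 22", so
# handle both the commented and the active form, or append if absent.
set_sshd_port() {
    if grep -Eq '^#?Port [0-9]+' "$1"; then
        sed -i -E "s/^#?Port [0-9]+/Port $2/" "$1"
    else
        printf 'Port %s\n' "$2" >> "$1"
    fi
}

# A real sshd greets with "SSH-2.0-..."; endlessh sends random lines that never
# start with "SSH-", so the client keeps waiting for a version string.
greeting_kind() {
    case "$1" in
        SSH-*) echo sshd ;;
        "")    echo none ;;
        *)     echo tarpit ;;
    esac
}

# Read one greeting line from HOST PORT within SECONDS (bash /dev/tcp).
# SECONDS must exceed the configured Delay (10 s above) or you get "none".
probe_greeting() {
    timeout "$3" bash -c "exec 3<>/dev/tcp/$1/$2 && head -n 1 <&3" 2>/dev/null
}
```

After patching the real unit file, run sudo systemctl daemon-reload and sudo sshd -t before restarting; then greeting_kind "$(probe_greeting SERVER 22 15)" should print tarpit and the same probe on port 26 should print sshd.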
