40 lines
1.1 KiB
Org Mode
40 lines
1.1 KiB
Org Mode
:PROPERTIES:
|
|
:ID: 1ed652bc-bdcc-4410-a207-fb470df29e71
|
|
:mtime: 20220927114630
|
|
:ctime: 20220927093748
|
|
:END:
|
|
#+title: endlessh
|
|
|
|
* Introduction
|
|
Outil permettant de ralentir les tentatives de connexions SSH sur le port 22 en envoyant une bannière très lentement
|
|
(client SSH bloqué pendant des heures), l'idée étant de se connecter depuis un autre port.
|
|
|
|
* Installation
|
|
#+BEGIN_SRC shell
|
|
cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bak
|
|
sed -i 's/#Port 22/Port 2222/g' /etc/ssh/sshd_config
|
|
systemctl restart sshd
|
|
|
|
apt install endlessh
|
|
mkdir /etc/endlessh
|
|
cat >/etc/endlessh/config <<EOF
|
|
Port 22
|
|
EOF
|
|
|
|
setcap 'cap_net_bind_service=+ep' /usr/bin/endlessh
|
|
mkdir /etc/systemd/system/endlessh.service.d/
|
|
cat /etc/systemd/system/endlessh.service.d/override.conf <<EOF
|
|
[Service]
|
|
AmbientCapabilities=CAP_NET_BIND_SERVICE
|
|
PrivateUsers=false
|
|
EOF
|
|
systemctl daemon-reload
|
|
systemctl restart endlessh.service
|
|
#+END_SRC
|
|
|
|
* Références
|
|
* [[https://github.com/skeeto/endlessh][endlessh - github]]
|
|
* [[https://www.digitalocean.com/community/tutorials/how-to-set-up-an-endlessh-tarpit-on-ubuntu-22-04][How To Set Up an Endlessh Tarpit on Ubuntu 22.04 - DigitalOcean]]
|
|
|
|
|