Last active
September 11, 2020 09:57
-
-
Save liam-stevenson/645c428eb7cd1225b854ac4a5e1125da to your computer and use it in GitHub Desktop.
Excerpts of the ssh module for opencanaryd
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
FROM ubuntu:16.04 | |
RUN apt-get update && apt-get install -y openssh-server | |
RUN mkdir /var/run/sshd | |
RUN echo 'root:toor' | chpasswd | |
RUN sed -i 's/PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config | |
# SSH login fix. Otherwise user is kicked off after login | |
RUN sed 's@session\s*required\s*pam_loginuid.so@session optional pam_loginuid.so@g' -i /etc/pam.d/sshd | |
ENV NOTVISIBLE "in users profile" | |
RUN echo "export VISIBLE=now" >> /etc/profile | |
EXPOSE 22 | |
CMD ["/usr/sbin/sshd", "-D"] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
def connectionLost(self, reason): | |
for i in self.interactors: | |
i.sessionClosed() | |
if self.transport.sessionno in self.factory.sessions: | |
del self.factory.sessions[self.transport.sessionno] | |
#self.lastlogExit() | |
if self.ttylog_open: | |
ttylog.ttylog_close(self.ttylog_file, time.time()) | |
self.ttylog_open = False | |
transport.SSHServerTransport.connectionLost(self, reason) | |
def sendDisconnect(self, reason, desc): | |
""" | |
Workaround for the "bad packet length" error message. | |
@param reason: the reason for the disconnect. Should be one of the | |
DISCONNECT_* values. | |
@type reason: C{int} | |
@param desc: a descrption of the reason for the disconnection. | |
@type desc: C{str} | |
""" | |
if not 'bad packet length' in desc.decode(): | |
# With python >= 3 we can use super? | |
transport.SSHServerTransport.sendDisconnect(self, reason, desc) | |
else: | |
self.transport.write('Protocol mismatch.\n') | |
log.msg('Disconnecting with error, code %s\nreason: %s' % \ | |
(reason, desc)) | |
self.transport.loseConnection() |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
@implementer(checkers.ICredentialsChecker) | |
class HoneypotPasswordChecker: | |
credentialInterfaces = (credentials.IUsernamePassword,) | |
def __init__(self, logger=None): | |
self.logger = logger | |
self.auth_attempt = 0 | |
def requestAvatarId(self, credentials): | |
return defer.fail(error.UnauthorizedLogin()) | |
@implementer(checkers.ICredentialsChecker) | |
class CanaryPublicKeyChecker: | |
credentialInterfaces = (credentials.ISSHPrivateKey,) | |
def __init__(self, logger=None): | |
self.logger = logger | |
self.auth_attempt = 0 | |
def requestAvatarId(self, credentials): | |
return defer.fail(error.UnauthorizedLogin()) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment