Last Updated on August 11, 2021
SSH or Secure Shell is a cryptographic network protocol for operating network services securely over an unsecured network. Typical applications include remote command-line, login, and remote command execution, but any network service can be secured with SSH.
SSH was designed as a replacement for Telnet and for unsecured remote shell protocols such as the Berkeley rsh and the related rlogin and rexec protocols. Those protocols send information, notably passwords, in plaintext, rendering them susceptible to interception and disclosure using packet analysis. The encryption used by SSH is intended to provide confidentiality and integrity of data over an unsecured network, such as the Internet.
The SSH protocol specifications include a banner which is text that’s displayed when someone tries to log into a server via SSH. That specification doesn’t define any limit on the number of lines of text in that banner, nor does it specify any length of time to display that banner. Endlessh makes use of these two facts to help waste a script-kiddie’s time. Endlessh sends an endless stream of randomly-generated “other lines of data” without ever intending to send a version string. It waits a specified time between each line. This slows down the protocol, but prevents it from actually timing out.
In essence, Endlessh pretends to be a real SSH server, but it doesn’t use SSH at all. You run it on the standard port for SSH (which is 22). But you run your actual SSH server on a different port, say 69. When a script-kiddie’s script attempts to log in to the SSH server they are actually accessing Endlessh and get caught in a loop.
First we clone the project’s GitHub repository.
$ git clone https://github.com/skeeto/endlessh
Change into the project’s directory and compile the software.
$ cd endlessh
We can then move the executable to a directory in our path.
$ sudo make install
Enable the service with the commands:
$ sudo cp util/endlessh.service /etc/systemd/system
$ sudo systemctl enable endlessh
You’ll get the message “Created symlink /etc/systemd/system/multi-user.target.wants/endlessh.service → /etc/systemd/system/endlessh.service.”
Next we need to create the program’s configuration file.
$ sudo mkdir -p /etc/endlessh
$ sudo pico /etc/endlessh/config
There’s a sample config file on the GitHub’s project page that can be copy and pasted into the config file. Note, that the same config puts the tarpit on port 2222, but you’ll probably want it running on port 22 (as you’ll move SSH to a different port).
Now we’re ready to run the software with the command:
$ sudo systemctl start endlessh