3
I want to setup ssh so that one can login with any username or password and be accepted. If they chose a username and password of an actual user on the system they will successfully login and use ssh as it was intended to be used, but if it is an incorrect password or even an incorrect username I want to grant the user access to a "shell" I create for wasting this intruders time.
The shell (which I've already created - called trollsh) seemingly "lags" (so that it doesn't waste my cpu in the case that someone thought they could annoy me by spamming the fake shell) and though it looks like bash and talks like bash, it returns very extraneous results for common functions. Like cat sounds for "cat", ridiculous error messages and a completely spoofed file-system with traps in every part of it. Inability to clear the screen or exit (with the exit command) are also features of this shell. The failures of these victims will be logged of course to later be shown to my peers and generate some fun laughs.
I believe if I use this shell rather than "deny" the user, it actually helps to prevent from brute force because of the fact that they seemingly "successfully login" with no matter what entry they provide! I could of course further protect my precious CPU, RAM, and Bandwidth by limiting their resources, allowing only a certain amount of these instances and disconnecting them after a set number of commands.
Can I possibly do this with ssh? Or do I need to create a wrapper for myself that uses ssh's protocol with my specifications (always allowing, incorrect -> trollsh (using some no-privileged fake user), correct -> normal user login) Thank you!
Uh, write your own
SSH
program? ;) – BenjiWiebe – 2013-02-23T02:02:33.020so I'll have to do that after-all? was just wondering if I could use ssh to do it before making my own. – u8sand – 2013-02-23T02:54:16.523
I'm not positive, bit I am quite sure that you can not do that with any existing
SSH
server. Have fun writing code! – BenjiWiebe – 2013-02-23T02:55:22.340thank you anyway, for now I'm just going to hack ssh's source to accomplish the task. – u8sand – 2013-02-23T02:59:26.030