Allow any user/password entry in ssh

3

I want to set up ssh so that one can log in with any username or password and be accepted. If they choose a username and password of an actual user on the system they will successfully log in and use ssh as it was intended to be used, but if it is an incorrect password or even an incorrect username I want to grant the user access to a "shell" I create for wasting this intruder's time.

The shell (which I've already created - called trollsh) seemingly "lags" (so that it doesn't waste my cpu in the case that someone thought they could annoy me by spamming the fake shell) and though it looks like bash and talks like bash, it returns very extraneous results for common functions. Like cat sounds for "cat", ridiculous error messages and a completely spoofed file-system with traps in every part of it. Inability to clear the screen or exit (with the exit command) are also features of this shell. The failures of these victims will be logged of course to later be shown to my peers and generate some fun laughs.

I believe if I use this shell rather than "deny" the user, it actually helps to prevent brute force because of the fact that they seemingly "successfully log in" no matter what entry they provide! I could of course further protect my precious CPU, RAM, and bandwidth by limiting their resources, allowing only a certain number of these instances and disconnecting them after a set number of commands.

Can I possibly do this with ssh? Or do I need to create a wrapper for myself that uses ssh's protocol with my specifications (always allowing, incorrect -> trollsh (using some non-privileged fake user), correct -> normal user login)? Thank you!

u8sand

Posted 2013-02-23T01:53:09.727

Reputation: 367

Uh, write your own SSH program? ;) – BenjiWiebe – 2013-02-23T02:02:33.020

So I'll have to do that after all? Was just wondering if I could use ssh to do it before making my own. – u8sand – 2013-02-23T02:54:16.523

I'm not positive, but I am quite sure that you cannot do that with any existing SSH server. Have fun writing code! – BenjiWiebe – 2013-02-23T02:55:22.340

Thank you anyway, for now I'm just going to hack ssh's source to accomplish the task. – u8sand – 2013-02-23T02:59:26.030

Answers

2

Have a look at http://kojoney.sourceforge.net/ which I believe runs a modified SSH and honeypot. (another similar utility is http://blog.macuyiko.com/2011/03/running-ssh-honeypot-with-kippo-lets.html)

davidgo

Posted 2013-02-23T01:53:09.727

Reputation: 49 152

Thank you for these recommendations. I like how the user in the second link was able to log many things about the numerous attackers using kippo. Kippo is also written in Python, making it easily modifiable for my needs, so I might just go with that! – u8sand – 2013-02-24T04:04:21.783

2

I use fake-sshd set up at port 22, which is a very simple tarpit written in C that

  1. accepts connections
  2. gives a password prompt after a specified delay
  3. logs user+password if one is interested in that and
  4. denies the login after a specified amount of time.

There is some additional functionality as well, but that is the gist of it.

It should be easy to add a system call to your shell in the code instead of giving a user error, so take a look if you want.

I made some modifications and small bug fixes that are available here. It depends on libssh. Compilation instructions are on the initially linked page.

Daniel Andersson

Posted 2013-02-23T01:53:09.727

Reputation: 20 465

Thanks! I might take a look at the code of fake-sshd and modify it a bit because though it does do MOST of what I want, I also want the ssh to be usable for people who DO have valid usernames/passwords on the server. – u8sand – 2013-02-24T04:01:01.353
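
The delay, log and disconnect behaviour listed in the answer above, together with the instance cap and forced disconnect the question asks for, can be sketched as an added example (this is not fake-sshd's code and not from any poster on this page). It uses a simpler technique than fake-sshd: it stalls the client before the SSH version exchange instead of showing a password prompt, so it records peer address and hold time rather than usernames and passwords. The class name `Tarpit`, the default timings and port 2222 are assumptions.

```python
import asyncio
import logging
import random
import time

log = logging.getLogger("tarpit")


class Tarpit:
    """Pre-authentication SSH tarpit: stalls clients, never offers a login."""

    def __init__(self, delay=10.0, max_hold=600.0, max_clients=32):
        # All three defaults are assumed values; tune them for your host.
        self.delay = delay              # seconds between filler lines
        self.max_hold = max_hold        # drop the client after this long
        self.max_clients = max_clients  # cap on concurrent sessions
        self.active = 0
        self.sessions = []              # (peer, seconds_held) for review

    async def handle(self, reader, writer):
        peer = writer.get_extra_info("peername")
        if self.active >= self.max_clients:
            writer.close()              # over the cap: refuse, spend nothing
            return
        self.active += 1
        start = time.monotonic()
        try:
            while time.monotonic() - start < self.max_hold:
                await asyncio.sleep(self.delay)
                # RFC 4253 section 4.2: a server may send lines before its
                # version string as long as they do not begin with "SSH-".
                writer.write(b"%x\r\n" % random.getrandbits(32))
                await writer.drain()
        except OSError:
            pass                        # client hung up first
        finally:
            self.active -= 1
            held = time.monotonic() - start
            self.sessions.append((peer, held))
            log.info("peer=%s held=%.1fs", peer, held)
            writer.close()


async def main(port=2222):              # port 2222 is an assumed test port
    server = await asyncio.start_server(Tarpit().handle, "0.0.0.0", port)
    async with server:
        await server.serve_forever()


if __name__ == "__main__":
    logging.basicConfig(level=logging.INFO)
    asyncio.run(main())
```

Because it never completes a key exchange, this listener cannot admit real users; the genuine sshd has to stay on a separate port.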