Endlessh is an SSH tarpit that sends an endless, random SSH banner, keeping SSH clients locked up for hours or even days. The idea is to move your real SSH server to a different port and let exploit bots get stuck in the tarpit instead of bothering the real server. In this article, you will learn how to install the Endlessh tarpit on Ubuntu 22.04.
If you look closely at your authentication logs, you'll see multiple failed login attempts from different IP addresses, each often coming from a single node in a botnet that scans the entire web for vulnerable servers with default credentials.
Most users have a secure password or SSH keys that prevent attackers from accessing their servers, but some servers will be vulnerable to this scan. Although you may not be able to prevent these attacks, you can slow them down using a tarpit. Endlessh is a tarpit that slowly sends an infinitely long banner to any client that tries to log in.
The SSH service should also be configured to run on a different port, which will make your authentication logs more readable. After the installation is complete, you connect to your server through the non-standard port, while any bot scanning your server wastes time knocking on a door that never opens.
– A Linux VPS Server with Ubuntu OS
– Sudo non-root user
– At least 1GB of RAM
– Git installed on the server
Before installing Endlessh on Ubuntu 22.04, you need to reconfigure SSH. Then, in the next step, we will install the Endlessh tarpit itself.
First, before installation, switch SSH to a non-standard port to free up port 22 for Endlessh. Since botnets do not have infinite resources, they typically only scan the default SSH port (22). Moving your SSH service to a non-standard port lets you trap those bots in the Endlessh tarpit. To get started, make a backup of your server's SSH configuration file using the following command:
sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bak
If you later want to move SSH back to the default port, use this backup file to restore the original settings. Open the configuration file with Nano or your favorite text editor using the following command:
sudo nano /etc/ssh/sshd_config
In this step, find the line #Port 22. Uncomment this line by removing the # and then change the port to an unused port on your server:
...
Port 2222
...
For example, a commonly unused port is 2222. You can use whatever port you want for your SSH connections, then save and close the file. If the server uses a firewall such as ufw, you must allow traffic to the new port using the following command:
sudo ufw allow 2222/tcp
Then restart the SSH service using the following command:
sudo systemctl restart sshd
Now connect to your server on the new port from a separate terminal session using the following command:
ssh linda@your_server_ip -p 2222
Be careful not to close your active SSH session until you've verified that you can use SSH on the new port. If you cannot connect to your server in a separate terminal session, check that sshd restarted successfully and check your firewall settings to make sure that port 2222 is accepting TCP traffic. You can also restore your original SSH settings using the following commands:
sudo cp /etc/ssh/sshd_config.bak /etc/ssh/sshd_config
sudo systemctl restart sshd
Once you confirm that you can make a new connection to port 2222, feel free to close your main terminal. When connecting to your server in the future, you should always specify the new port, as follows:
ssh linda@your_server_ip -p 2222
After you successfully SSH to a non-standard port, you can start Endlessh.
Before starting the installation, note that Endlessh doesn't have an official package, so you have to clone the repository and build it manually. You need Git to clone the repository, the build-essential package to compile the project, and the libc6-dev package. Install the required packages with the apt package manager using the following command:
sudo apt install build-essential libc6-dev
Confirm the installation with “y” when prompted. Now you should clone the Endlessh repository into your home directory:
git clone https://github.com/do-community/endlessh
Now go to the project directory and use the following commands to compile Endlessh:
cd endlessh
make
Then start Endlessh with the following command:
sudo ./endlessh -v -p 22
To test that Endlessh is working, create an SSH connection to port 22 with the verbose -v flag, which shows the Endlessh banner being transmitted. In a new terminal window, connect to port 22 with one of the following commands:
ssh linda@your_server_ip -v
ssh linda@your_server_ip -p 22 -v
Your new SSH session will now try to connect to port 22. As in the following output, a string of random characters will appear in the connection terminal every 10 seconds until the session is closed:
Output
debug1: kex_exchange_identification: banner line 0: NvnHF>]&W4p+tg*"+
debug1: kex_exchange_identification: banner line 1: n<
debug1: kex_exchange_identification: banner line 2: @/O5c0/;>1b{qd(M,vK
debug1: kex_exchange_identification: banner line 3: i+ OZ
debug1: kex_exchange_identification: banner line 4: yn
debug1: kex_exchange_identification: banner line 5: T[V\\[HUg
After verifying that the tarpit holds the connection, close the new terminal and stop Endlessh using Ctrl+C in your main terminal session. You have now downloaded and built Endlessh from source. Next, configure it and deploy it as a service so that it persists when you log out and when the server restarts.
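Why the client in the output above never gets past banner exchange: RFC 4253 section 4.2 lets a server send arbitrary lines before its SSH- version string, and the client keeps reading until it sees one. The following is an added sketch, not Endlessh's code or code from this article; the function names, the 20-line client limit and the 10 ms delay (standing in for the 10 seconds seen above) are assumptions, and it uses a local socket pair instead of a network port.

```python
import random
import socket
import threading
import time

def tarpit(conn, delay, stop, rng):
    """Server side: drip printable filler lines that never begin with 'SSH-'."""
    try:
        while not stop.is_set():
            line = "".join(chr(rng.randint(32, 126)) for _ in range(rng.randint(3, 30)))
            if line.startswith("SSH-"):
                continue  # a line starting with SSH- would end the client's wait
            conn.sendall(line.encode("ascii") + b"\r\n")
            time.sleep(delay)
    except OSError:
        pass  # peer closed the connection
    finally:
        conn.close()

def read_identification(conn, max_lines):
    """Client side (RFC 4253 section 4.2): skip lines until one begins with 'SSH-'."""
    skipped = []
    with conn.makefile("rb") as stream:
        for _ in range(max_lines):
            line = stream.readline()
            if not line:
                break  # server hung up
            text = line.rstrip(b"\r\n").decode("ascii", "replace")
            if text.startswith("SSH-"):
                return text, skipped
            skipped.append(text)
    return None, skipped  # gave up without ever seeing a version string

def demo(delay=0.01, max_lines=20):
    """Run both sides over a socket pair; return (version, lines skipped, seconds)."""
    server, client = socket.socketpair()
    stop = threading.Event()
    worker = threading.Thread(target=tarpit, args=(server, delay, stop, random.Random(1)), daemon=True)
    worker.start()
    started = time.monotonic()
    version, skipped = read_identification(client, max_lines)
    elapsed = time.monotonic() - started
    stop.set()
    client.close()
    worker.join(timeout=1)
    return version, len(skipped), elapsed

if __name__ == "__main__":
    print(demo())
```

The time a client is held is roughly the delay multiplied by the number of filler lines it is willing to read, while the server spends only a few bytes per interval on each connection.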
To run Endlessh as a service that continues after your session ends and across system reboots, first move the compiled binary to the /usr/local/bin folder using the following command:
sudo mv ./endlessh /usr/local/bin/
Enter your password if it is requested. Then copy the service file from the project to the /etc/systemd/system directory using the following command:
sudo cp util/endlessh.service /etc/systemd/system/
Then change the service file slightly so that Endlessh can run on ports below 1024. Open the service file in Nano or your favorite text editor using the following command:
sudo nano /etc/systemd/system/endlessh.service
Now find the section about running Endlessh on ports below 1024 and change the lines as follows:
...
## If you want Endlessh to bind on ports < 1024
## 1) run:
##     setcap 'cap_net_bind_service=+ep' /usr/local/bin/endlessh
## 2) uncomment following line
AmbientCapabilities=CAP_NET_BIND_SERVICE
## 3) comment following line
#PrivateUsers=true
...
Save and exit the file. Next, allow Endlessh to bind to ports below 1024, known as internet-domain privileged ports. Set this capability on the Endlessh binary with the setcap command as follows:
sudo setcap 'cap_net_bind_service=+ep' /usr/local/bin/endlessh
The critical point is that at this stage you need to create a configuration file for Endlessh that sets the port:
sudo mkdir /etc/endlessh
sudo nano /etc/endlessh/config
In the configuration file, set the port to 22 with the following line:
Port 22
Now save and close the file, then enable and start the Endlessh service using the command:
sudo systemctl --now enable endlessh
Here, enable makes the service persist after your server restarts, and --now starts it immediately. To check whether the service has started successfully, use the systemctl status command as follows:
sudo systemctl status endlessh
If it starts successfully, you will see output like the following:
Output
● endlessh.service - Endlessh SSH Tarpit
     Loaded: loaded (/etc/systemd/system/endlessh.service; enabled; vendor preset: enabled)
     Active: active (running) since Fri 2022-04-22 11:20:39 UTC; 1 months 11 days ago
       Docs: man:endlessh(1)
   Main PID: 34007 (endlessh)
      Tasks: 1 (limit: 1081)
     Memory: 380.0K
     CGroup: /system.slice/endlessh.service
             └─34007 /usr/local/bin/endlessh
Now if it is running, you can try connecting to port 22 in a new terminal session using the following command:
ssh linda@your_server_ip
If your tarpit is running, the new terminal session will not be able to connect and will run forever until manually stopped by Ctrl+C in the terminal connection. Also, to stop the service, you can use the following command:
sudo systemctl --now disable endlessh
After stopping the service, you can use the SSH restore instructions in the step 1 warning to restore your original server settings. If you want to use Endlessh again later, re-enable the service with sudo systemctl --now enable endlessh without going through setup again, and make sure SSH is not running on port 22.
In this tutorial, you learned how to install the Endlessh tarpit on Ubuntu 22.04. You've now successfully installed and configured Endlessh, decluttered your authentication logs, and are ready to waste the time of random SSH bots. We hope this educational article was useful for you.
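A check for the port layout this tutorial sets up, added here as an example and not part of Endlessh or the original article. It assumes the two config files are passed in as text, that sshd falls back to port 22 and Endlessh to its built-in default of 2222 when no Port line is active, and that the last Port line wins in the Endlessh file; the function names and sample configs are constructed.

```python
import re

SSHD_DEFAULT_PORT = 22        # OpenSSH default when no Port line is active
ENDLESSH_DEFAULT_PORT = 2222  # Endlessh's built-in default when its config sets none

# Constructed sample inputs (not taken from a real server).
STOCK_SSHD = "Include /etc/ssh/sshd_config.d/*.conf\n#Port 22\nPermitRootLogin no\n"
MOVED_SSHD = "Port 2222\nPermitRootLogin no\n"

def active_ports(text, default):
    """Return ports from uncommented 'Port N' lines, or [default] if none exist.

    Keywords are matched case-insensitively, as sshd does; applying the same
    rule to the Endlessh file is a simplification. Include files are not followed.
    """
    ports = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        match = re.fullmatch(r"port\s+(\d+)", line, re.IGNORECASE)
        if match:
            ports.append(int(match.group(1)))
    return ports or [default]

def check_layout(sshd_config, endlessh_config):
    """List conflicts between the sshd and Endlessh listeners."""
    sshd = active_ports(sshd_config, SSHD_DEFAULT_PORT)
    tarpit = active_ports(endlessh_config, ENDLESSH_DEFAULT_PORT)[-1]
    problems = []
    if 22 in sshd:
        problems.append("sshd still listens on 22")
    if tarpit != 22:
        problems.append(f"endlessh listens on {tarpit}, not 22")
    if tarpit in sshd:
        problems.append(f"port {tarpit} is claimed by both sshd and endlessh")
    return problems

if __name__ == "__main__":
    for name, sshd, tarpit in [("tutorial layout", MOVED_SSHD, "Port 22\n"),
                               ("sshd not moved", STOCK_SSHD, "Port 22\n"),
                               ("no endlessh config", MOVED_SSHD, "")]:
        print(name, check_layout(sshd, tarpit) or "ok")
```

The third case shows why the Endlessh configuration file matters in this setup: without it, the tarpit would try to bind the same port 2222 that sshd was moved to. On a live server, sudo sshd -T prints the effective sshd configuration, including settings pulled in through Include.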