Hi!
Putting up a new server, I noticed (again) lots of syslog messages from
sshd about unknown users trying to log in. As I do not like to have the
log scattered by such messages every day over hours, I put my ssh server
on a different port. After thinking a bit about this problem, I put the
attached script together. Using netcat sitting on port 22 to build a
fake ssh server, an ssh tar pit. Trying to log in via ssh on port 22 now
hangs for hours. Happy hacking! :-)
May be anybody is interested about such an script. Any comments welcome.
--
Harald
#!/lib/exec/busybox sh
# Name of pid file
pid="/var/run/${0##*/}.pid"
# Display message and exit
die() {
echo "${0##*/}: $*" >&2
exit 1
}
# Display a usage message and exit
usage() {
echo -e "Usage: ${0##*/} [-p PORT]\n"
exit 0
}
# Our fake sshd daemon process
sshd() {
umask 0177
echo $$ >"$pid" \
&& chown root:nogrp "$pid" \
&& chmod 0604 "$pid" \
&& exec nc -llp "${port:-ssh}" -e cat -
exit 1
}
# Command option processing
while [ $# -gt 0 ]
do case "$1" in
'' ) sshd;;
\? | -\? | --help ) usage;;
-p | --port ) port="$2"; shift 2;;
-- ) shift; break;;
- ) break;;
-* ) die "Invalid option";;
* ) break;;
esac
done
# Check number of remaining arguments
[ $# -gt 1 ] && die "Too many arguments"
# Start daemon process in background
setsid nice -n 19 "$0" "" <>/dev/null >&0 2>&0 &
# That's it ...
exit
_______________________________________________
busybox mailing list
[email protected]
http://lists.busybox.net/mailman/listinfo/busybox
