Re: NEW: net/endlessh

2022-12-29 Thread Michael
Ping.

On Wed, Dec 21, 2022 at 02:56:44PM +0100, Michael wrote:
> On Tue, Dec 20, 2022 at 07:04:19PM +0100, Pascal Stumpf wrote:
> > On Sun, 18 Dec 2022 15:11:22 +0100, Michael wrote:
> > > On Sun, Dec 18, 2022 at 11:55:12AM +, Stuart Henderson wrote:
> > > > On 2022/12/17 22:36, Michael wrote:
> > > > > On Sat, Dec 17, 2022 at 11:06:32AM +0100, Omar Polo wrote:
> > > > > > On 2022/12/17 10:41:26 +0100, Pascal Stumpf  
> > > > > > wrote:
> > > > > > > On Sat, 17 Dec 2022 10:18:15 +0100, Pascal Stumpf wrote:
> > > > > > > > A few tweaks:
> > > > > > > > 
> > > > > > > > * set MAKE_FLAGS so that the build respects CFLAGS
> > > > > > > > * NO_TESTS = Yes
> > > > > > > > * add README and endless.rc to the port itself, reformat, turn 
> > > > > > > > on -s per
> > > > > > > >   default (syslog logging)
> > > > > > > > * add dedicated _endlessh user
> > > > > > > > * install a default config file into examples and @sample it
> > > > > > > 
> > > > > > > * correct Nm in endlessh.1
> > > > > > 
> > > > > > there's an extra patch-Makefile.orig in the tarball and
> > > > > > pkg/endlessh.rc is executable when it doesn't need to.
> > > > > > 
> > > > > > ok for me with that fixed.
> > > > > 
> > > > > Thanks to Pascal and you for the tweaks.
> > > > > 
> > > > > I have tested the latest revision; works as expected and the changes 
> > > > > seem fine to me. I took the liberty of fixing the last problems Omar 
> > > > > mentioned in the attached port.
> > > > > 
> > > > > > 
> > > > > > 
> > > > > > in pkg/README I'd say to symlink /etc/rc.d/endlessh to endlessh6
> > > > > > instead of copying it, less to worry when updating.
> > > > > > 
> > > > > > > If I'm reading it correctly, it can't directly bind to 22 because it
> > > > > > > doesn't start as root, it would be nice to include an excerpt of the
> > > > > > > pf configuration to redirect the port 22 to .
> > > > > > > 
> > > > > > > I'd use a patch instead of perl -pi in post-install to tweak the
> > > > > > > configuration, it's more verbose but it's also more resilient to
> > > > > > > upstream changes to the file.
> > > > > > 
> > > > > > Including the diff for user.list in case it comes in handy to who
> > > > > > would like to test it.
> > > > > > 
> > > > > > Index: user.list
> > > > > > ===
> > > > > > RCS file: /home/cvs/ports/infrastructure/db/user.list,v
> > > > > > retrieving revision 1.413
> > > > > > diff -u -p -r1.413 user.list
> > > > > > --- user.list   14 Dec 2022 12:09:05 -  1.413
> > > > > > +++ user.list   17 Dec 2022 09:50:27 -
> > > > > > @@ -395,3 +395,4 @@ id  usergroup   port
> > > > > >  884 _iblock_iblock net/iblock
> > > > > >  885 _mycorrhiza_mycorrhiza www/mycorrhiza
> > > > > >  886 _eduvpn_eduvpn net/eduvpn
> > > > > > +887 _endlessh  _endlessh   net/endlessh
> > > > > > 
> > > > 
> > > > There is no 1.1 release yet, so better name it 1.1pre20210430 (date of 
> > > > commit).
> > > > 
> > > > From readme:
> > > > 
> > > > : If you want to cover both IPv4 and IPv6 you'll need to run *two* 
> > > > instances of
> > > > : endlessh.
> > > > : 
> > > > : - copy the endlessh rc script to ${RCDIR}/endlessh6
> > > > : - copy the config file to ${SYSCONFDIR}/endlessh/config6
> > > > :   - use BindFamily 6 in config6
> > > > : - in rc.conf.local force endlessh6 to load config6 like so:
> > > > : 
> > > > : endlessh6_flags=-s -f /etc/endlessh/config6
> > > > : endlessh_flags=-s
> > > > 
> > > > No need to tell the user to do this, just provide an endlessh6 rc script
> > > > with the required daemon_flags. I don't think you need a second config
> > > > file, just use -6.
> > > > 
> > > > : Covering more than 128 connections
> > > > : ==
> > > > : 
> > > > : The defaults in OpenBSD only allow for 128 open file descriptors per 
> > > > process,
> > > > : so regardless of the MaxClients setting in 
> > > > ${SYSCONFDIR}/endlessh/config
> > > > : you'll end up with something like 124 clients at the most.
> > > > : You can increase these limits in ${SYSCONFDIR}/login.conf for 
> > > > endlessh (and
> > > > : endlessh6) like so:
> > > > : 
> > > > : endlessh:\
> > > > :   :openfiles=1024:\
> > > > :   :tc=daemon:
> > > > : endlessh6:\
> > > > :   :openfiles=1024:\
> > > > :   :tc=daemon:
> > > > 
> > > > Provide pkg/endlessh.login and endless6.login files instead. 1024x2 is
> > > > a bit high for the default kern.maxfiles, I would suggest not more than
> > > > 512 for the installed file, users can change it if they need more.
> > > > 
> > > > Then because it is just using standard OS mechanisms there is no more
> > > > need for pkg/README.
> > > > 
> > > 
> > > Thanks for the feedback.
> > > 
> > > Attached port should contain all the suggestions above.
> > > Also the pledge() comment was changed to "uses 

Re: NEW: net/endlessh

2022-12-21 Thread Michael
On Tue, Dec 20, 2022 at 07:04:19PM +0100, Pascal Stumpf wrote:
> On Sun, 18 Dec 2022 15:11:22 +0100, Michael wrote:
> > On Sun, Dec 18, 2022 at 11:55:12AM +, Stuart Henderson wrote:
> > > On 2022/12/17 22:36, Michael wrote:
> > > > On Sat, Dec 17, 2022 at 11:06:32AM +0100, Omar Polo wrote:
> > > > > On 2022/12/17 10:41:26 +0100, Pascal Stumpf  wrote:
> > > > > > On Sat, 17 Dec 2022 10:18:15 +0100, Pascal Stumpf wrote:
> > > > > > > A few tweaks:
> > > > > > > 
> > > > > > > * set MAKE_FLAGS so that the build respects CFLAGS
> > > > > > > * NO_TESTS = Yes
> > > > > > > * add README and endless.rc to the port itself, reformat, turn on 
> > > > > > > -s per
> > > > > > >   default (syslog logging)
> > > > > > > * add dedicated _endlessh user
> > > > > > > * install a default config file into examples and @sample it
> > > > > > 
> > > > > > * correct Nm in endlessh.1
> > > > > 
> > > > > there's an extra patch-Makefile.orig in the tarball and
> > > > > pkg/endlessh.rc is executable when it doesn't need to.
> > > > > 
> > > > > ok for me with that fixed.
> > > > 
> > > > Thanks to Pascal and you for the tweaks.
> > > > 
> > > > I have tested the latest revision; works as expected and the changes 
> > > > seem fine to me. I took the liberty of fixing the last problems Omar 
> > > > mentioned in the attached port.
> > > > 
> > > > > 
> > > > > 
> > > > > in pkg/README I'd say to symlink /etc/rc.d/endlessh to endlessh6
> > > > > instead of copying it, less to worry when updating.
> > > > > 
> > > > > > If I'm reading it correctly, it can't directly bind to 22 because it
> > > > > > doesn't start as root, it would be nice to include an excerpt of the
> > > > > > pf configuration to redirect the port 22 to .
> > > > > > 
> > > > > > I'd use a patch instead of perl -pi in post-install to tweak the
> > > > > > configuration, it's more verbose but it's also more resilient to
> > > > > > upstream changes to the file.
> > > > > 
> > > > > Including the diff for user.list in case it comes in handy to who
> > > > > would like to test it.
> > > > > 
> > > > > Index: user.list
> > > > > ===
> > > > > RCS file: /home/cvs/ports/infrastructure/db/user.list,v
> > > > > retrieving revision 1.413
> > > > > diff -u -p -r1.413 user.list
> > > > > --- user.list 14 Dec 2022 12:09:05 -  1.413
> > > > > +++ user.list 17 Dec 2022 09:50:27 -
> > > > > @@ -395,3 +395,4 @@ id  user  group   port
> > > > >  884 _iblock  _iblock net/iblock
> > > > >  885 _mycorrhiza  _mycorrhiza www/mycorrhiza
> > > > >  886 _eduvpn  _eduvpn net/eduvpn
> > > > > +887 _endlessh_endlessh   net/endlessh
> > > > > 
> > > 
> > > There is no 1.1 release yet, so better name it 1.1pre20210430 (date of 
> > > commit).
> > > 
> > > From readme:
> > > 
> > > : If you want to cover both IPv4 and IPv6 you'll need to run *two* 
> > > instances of
> > > : endlessh.
> > > : 
> > > : - copy the endlessh rc script to ${RCDIR}/endlessh6
> > > : - copy the config file to ${SYSCONFDIR}/endlessh/config6
> > > :   - use BindFamily 6 in config6
> > > : - in rc.conf.local force endlessh6 to load config6 like so:
> > > : 
> > > : endlessh6_flags=-s -f /etc/endlessh/config6
> > > : endlessh_flags=-s
> > > 
> > > No need to tell the user to do this, just provide an endlessh6 rc script
> > > with the required daemon_flags. I don't think you need a second config
> > > file, just use -6.
> > > 
> > > : Covering more than 128 connections
> > > : ==
> > > : 
> > > : The defaults in OpenBSD only allow for 128 open file descriptors per 
> > > process,
> > > : so regardless of the MaxClients setting in ${SYSCONFDIR}/endlessh/config
> > > : you'll end up with something like 124 clients at the most.
> > > : You can increase these limits in ${SYSCONFDIR}/login.conf for endlessh 
> > > (and
> > > : endlessh6) like so:
> > > : 
> > > : endlessh:\
> > > : :openfiles=1024:\
> > > : :tc=daemon:
> > > : endlessh6:\
> > > : :openfiles=1024:\
> > > : :tc=daemon:
> > > 
> > > Provide pkg/endlessh.login and endless6.login files instead. 1024x2 is
> > > a bit high for the default kern.maxfiles, I would suggest not more than
> > > 512 for the installed file, users can change it if they need more.
> > > 
> > > Then because it is just using standard OS mechanisms there is no more
> > > need for pkg/README.
> > > 
> > 
> > Thanks for the feedback.
> > 
> > Attached port should contain all the suggestions above.
> > Also the pledge() comment was changed to "uses pledge() and unveil()"
> > 
> > portcheck now complains about the two extra *.login files but looking at
> > other ports that have those this seems normal:
> > 
> > # /usr/ports/infrastructure/bin/portcheck
> > extra file: pkg/endlessh.login
> > extra file: pkg/endlessh6.login
> > net/endlessh
> > 
> > 
> > (this time actually reaching the 

Re: NEW: net/endlessh

2022-12-20 Thread Pascal Stumpf
On Sun, 18 Dec 2022 15:11:22 +0100, Michael wrote:
> On Sun, Dec 18, 2022 at 11:55:12AM +, Stuart Henderson wrote:
> > On 2022/12/17 22:36, Michael wrote:
> > > On Sat, Dec 17, 2022 at 11:06:32AM +0100, Omar Polo wrote:
> > > > On 2022/12/17 10:41:26 +0100, Pascal Stumpf  wrote:
> > > > > On Sat, 17 Dec 2022 10:18:15 +0100, Pascal Stumpf wrote:
> > > > > > A few tweaks:
> > > > > > 
> > > > > > * set MAKE_FLAGS so that the build respects CFLAGS
> > > > > > * NO_TESTS = Yes
> > > > > > * add README and endless.rc to the port itself, reformat, turn on 
> > > > > > -s per
> > > > > >   default (syslog logging)
> > > > > > * add dedicated _endlessh user
> > > > > > * install a default config file into examples and @sample it
> > > > > 
> > > > > * correct Nm in endlessh.1
> > > > 
> > > > there's an extra patch-Makefile.orig in the tarball and
> > > > pkg/endlessh.rc is executable when it doesn't need to.
> > > > 
> > > > ok for me with that fixed.
> > > 
> > > Thanks to Pascal and you for the tweaks.
> > > 
> > > I have tested the latest revision; works as expected and the changes 
> > > seem fine to me. I took the liberty of fixing the last problems Omar 
> > > mentioned in the attached port.
> > > 
> > > > 
> > > > 
> > > > in pkg/README I'd say to symlink /etc/rc.d/endlessh to endlessh6
> > > > instead of copying it, less to worry when updating.
> > > > 
> > > > > If I'm reading it correctly, it can't directly bind to 22 because it
> > > > > doesn't start as root, it would be nice to include an excerpt of the
> > > > > pf configuration to redirect the port 22 to .
> > > > > 
> > > > > I'd use a patch instead of perl -pi in post-install to tweak the
> > > > > configuration, it's more verbose but it's also more resilient to
> > > > > upstream changes to the file.
> > > > 
> > > > Including the diff for user.list in case it comes in handy to who
> > > > would like to test it.
> > > > 
> > > > Index: user.list
> > > > ===
> > > > RCS file: /home/cvs/ports/infrastructure/db/user.list,v
> > > > retrieving revision 1.413
> > > > diff -u -p -r1.413 user.list
> > > > --- user.list   14 Dec 2022 12:09:05 -  1.413
> > > > +++ user.list   17 Dec 2022 09:50:27 -
> > > > @@ -395,3 +395,4 @@ id  usergroup   port
> > > >  884 _iblock_iblock net/iblock
> > > >  885 _mycorrhiza_mycorrhiza www/mycorrhiza
> > > >  886 _eduvpn_eduvpn net/eduvpn
> > > > +887 _endlessh  _endlessh   net/endlessh
> > > > 
> > 
> > There is no 1.1 release yet, so better name it 1.1pre20210430 (date of 
> > commit).
> > 
> > From readme:
> > 
> > : If you want to cover both IPv4 and IPv6 you'll need to run *two* 
> > instances of
> > : endlessh.
> > : 
> > : - copy the endlessh rc script to ${RCDIR}/endlessh6
> > : - copy the config file to ${SYSCONFDIR}/endlessh/config6
> > :   - use BindFamily 6 in config6
> > : - in rc.conf.local force endlessh6 to load config6 like so:
> > : 
> > : endlessh6_flags=-s -f /etc/endlessh/config6
> > : endlessh_flags=-s
> > 
> > No need to tell the user to do this, just provide an endlessh6 rc script
> > with the required daemon_flags. I don't think you need a second config
> > file, just use -6.
> > 
> > : Covering more than 128 connections
> > : ==
> > : 
> > : The defaults in OpenBSD only allow for 128 open file descriptors per 
> > process,
> > : so regardless of the MaxClients setting in ${SYSCONFDIR}/endlessh/config
> > : you'll end up with something like 124 clients at the most.
> > : You can increase these limits in ${SYSCONFDIR}/login.conf for endlessh 
> > (and
> > : endlessh6) like so:
> > : 
> > : endlessh:\
> > :   :openfiles=1024:\
> > :   :tc=daemon:
> > : endlessh6:\
> > :   :openfiles=1024:\
> > :   :tc=daemon:
> > 
> > Provide pkg/endlessh.login and endless6.login files instead. 1024x2 is
> > a bit high for the default kern.maxfiles, I would suggest not more than
> > 512 for the installed file, users can change it if they need more.
> > 
> > Then because it is just using standard OS mechanisms there is no more
> > need for pkg/README.
> > 
> 
> Thanks for the feedback.
> 
> Attached port should contain all the suggestions above.
> Also the pledge() comment was changed to "uses pledge() and unveil()"
> 
> portcheck now complains about the two extra *.login files but looking at
> other ports that have those this seems normal:
> 
> # /usr/ports/infrastructure/bin/portcheck
> extra file: pkg/endlessh.login
> extra file: pkg/endlessh6.login
> net/endlessh
> 
> 
> (this time actually reaching the mailinglist...)

As sthen@ said, you can now remove pkg/README.  With that fixed, ok
pascal@.

>>> application/octet-stream attachment, name=endlessh.tgz



Re: NEW: net/endlessh

2022-12-18 Thread Michael
On Sun, Dec 18, 2022 at 11:55:12AM +, Stuart Henderson wrote:
> On 2022/12/17 22:36, Michael wrote:
> > On Sat, Dec 17, 2022 at 11:06:32AM +0100, Omar Polo wrote:
> > > On 2022/12/17 10:41:26 +0100, Pascal Stumpf  wrote:
> > > > On Sat, 17 Dec 2022 10:18:15 +0100, Pascal Stumpf wrote:
> > > > > A few tweaks:
> > > > > 
> > > > > * set MAKE_FLAGS so that the build respects CFLAGS
> > > > > * NO_TESTS = Yes
> > > > > * add README and endless.rc to the port itself, reformat, turn on -s 
> > > > > per
> > > > >   default (syslog logging)
> > > > > * add dedicated _endlessh user
> > > > > * install a default config file into examples and @sample it
> > > > 
> > > > * correct Nm in endlessh.1
> > > 
> > > there's an extra patch-Makefile.orig in the tarball and
> > > pkg/endlessh.rc is executable when it doesn't need to.
> > > 
> > > ok for me with that fixed.
> > 
> > Thanks to Pascal and you for the tweaks.
> > 
> > I have tested the latest revision; works as expected and the changes 
> > seem fine to me. I took the liberty of fixing the last problems Omar 
> > mentioned in the attached port.
> > 
> > > 
> > > 
> > > in pkg/README I'd say to symlink /etc/rc.d/endlessh to endlessh6
> > > instead of copying it, less to worry when updating.
> > > 
> > > > If I'm reading it correctly, it can't directly bind to 22 because it
> > > > doesn't start as root, it would be nice to include an excerpt of the
> > > > pf configuration to redirect the port 22 to .
> > > > 
> > > > I'd use a patch instead of perl -pi in post-install to tweak the
> > > > configuration, it's more verbose but it's also more resilient to
> > > > upstream changes to the file.
> > > 
> > > Including the diff for user.list in case it comes in handy to who
> > > would like to test it.
> > > 
> > > Index: user.list
> > > ===
> > > RCS file: /home/cvs/ports/infrastructure/db/user.list,v
> > > retrieving revision 1.413
> > > diff -u -p -r1.413 user.list
> > > --- user.list 14 Dec 2022 12:09:05 -  1.413
> > > +++ user.list 17 Dec 2022 09:50:27 -
> > > @@ -395,3 +395,4 @@ id  user  group   port
> > >  884 _iblock  _iblock net/iblock
> > >  885 _mycorrhiza  _mycorrhiza www/mycorrhiza
> > >  886 _eduvpn  _eduvpn net/eduvpn
> > > +887 _endlessh_endlessh   net/endlessh
> > > 
> 
> There is no 1.1 release yet, so better name it 1.1pre20210430 (date of 
> commit).
> 
> From readme:
> 
> : If you want to cover both IPv4 and IPv6 you'll need to run *two* instances 
> of
> : endlessh.
> : 
> : - copy the endlessh rc script to ${RCDIR}/endlessh6
> : - copy the config file to ${SYSCONFDIR}/endlessh/config6
> :   - use BindFamily 6 in config6
> : - in rc.conf.local force endlessh6 to load config6 like so:
> : 
> : endlessh6_flags=-s -f /etc/endlessh/config6
> : endlessh_flags=-s
> 
> No need to tell the user to do this, just provide an endlessh6 rc script
> with the required daemon_flags. I don't think you need a second config
> file, just use -6.
> 
> : Covering more than 128 connections
> : ==
> : 
> : The defaults in OpenBSD only allow for 128 open file descriptors per 
> process,
> : so regardless of the MaxClients setting in ${SYSCONFDIR}/endlessh/config
> : you'll end up with something like 124 clients at the most.
> : You can increase these limits in ${SYSCONFDIR}/login.conf for endlessh (and
> : endlessh6) like so:
> : 
> : endlessh:\
> : :openfiles=1024:\
> : :tc=daemon:
> : endlessh6:\
> : :openfiles=1024:\
> : :tc=daemon:
> 
> Provide pkg/endlessh.login and endless6.login files instead. 1024x2 is
> a bit high for the default kern.maxfiles, I would suggest not more than
> 512 for the installed file, users can change it if they need more.
> 
> Then because it is just using standard OS mechanisms there is no more
> need for pkg/README.
> 

Thanks for the feedback.

Attached port should contain all the suggestions above.
Also the pledge() comment was changed to "uses pledge() and unveil()"

portcheck now complains about the two extra *.login files but looking at
other ports that have those this seems normal:

# /usr/ports/infrastructure/bin/portcheck
extra file: pkg/endlessh.login
extra file: pkg/endlessh6.login
net/endlessh


(this time actually reaching the mailinglist...)


endlessh.tgz
Description: Binary data


Re: NEW: net/endlessh

2022-12-18 Thread Stuart Henderson
also change the comment to "uses pledge() and unveil()"



Re: NEW: net/endlessh

2022-12-18 Thread Stuart Henderson
On 2022/12/17 22:36, Michael wrote:
> On Sat, Dec 17, 2022 at 11:06:32AM +0100, Omar Polo wrote:
> > On 2022/12/17 10:41:26 +0100, Pascal Stumpf  wrote:
> > > On Sat, 17 Dec 2022 10:18:15 +0100, Pascal Stumpf wrote:
> > > > A few tweaks:
> > > > 
> > > > * set MAKE_FLAGS so that the build respects CFLAGS
> > > > * NO_TESTS = Yes
> > > > * add README and endless.rc to the port itself, reformat, turn on -s per
> > > >   default (syslog logging)
> > > > * add dedicated _endlessh user
> > > > * install a default config file into examples and @sample it
> > > 
> > > * correct Nm in endlessh.1
> > 
> > there's an extra patch-Makefile.orig in the tarball and
> > pkg/endlessh.rc is executable when it doesn't need to.
> > 
> > ok for me with that fixed.
> 
> Thanks to Pascal and you for the tweaks.
> 
> I have tested the latest revision; works as expected and the changes 
> seem fine to me. I took the liberty of fixing the last problems Omar 
> mentioned in the attached port.
> 
> > 
> > 
> > in pkg/README I'd say to symlink /etc/rc.d/endlessh to endlessh6
> > instead of copying it, less to worry when updating.
> > 
> > > If I'm reading it correctly, it can't directly bind to 22 because it
> > > doesn't start as root, it would be nice to include an excerpt of the
> > > pf configuration to redirect the port 22 to .
> > > 
> > > I'd use a patch instead of perl -pi in post-install to tweak the
> > > configuration, it's more verbose but it's also more resilient to
> > > upstream changes to the file.
> > 
> > Including the diff for user.list in case it comes in handy to who
> > would like to test it.
> > 
> > Index: user.list
> > ===
> > RCS file: /home/cvs/ports/infrastructure/db/user.list,v
> > retrieving revision 1.413
> > diff -u -p -r1.413 user.list
> > --- user.list   14 Dec 2022 12:09:05 -  1.413
> > +++ user.list   17 Dec 2022 09:50:27 -
> > @@ -395,3 +395,4 @@ id  usergroup   port
> >  884 _iblock_iblock net/iblock
> >  885 _mycorrhiza_mycorrhiza www/mycorrhiza
> >  886 _eduvpn_eduvpn net/eduvpn
> > +887 _endlessh  _endlessh   net/endlessh
> > 

There is no 1.1 release yet, so better name it 1.1pre20210430 (date of commit).

From readme:

: If you want to cover both IPv4 and IPv6 you'll need to run *two* instances of
: endlessh.
: 
: - copy the endlessh rc script to ${RCDIR}/endlessh6
: - copy the config file to ${SYSCONFDIR}/endlessh/config6
:   - use BindFamily 6 in config6
: - in rc.conf.local force endlessh6 to load config6 like so:
: 
: endlessh6_flags=-s -f /etc/endlessh/config6
: endlessh_flags=-s

No need to tell the user to do this, just provide an endlessh6 rc script
with the required daemon_flags. I don't think you need a second config
file, just use -6.

: Covering more than 128 connections
: ==
: 
: The defaults in OpenBSD only allow for 128 open file descriptors per process,
: so regardless of the MaxClients setting in ${SYSCONFDIR}/endlessh/config
: you'll end up with something like 124 clients at the most.
: You can increase these limits in ${SYSCONFDIR}/login.conf for endlessh (and
: endlessh6) like so:
: 
: endlessh:\
:   :openfiles=1024:\
:   :tc=daemon:
: endlessh6:\
:   :openfiles=1024:\
:   :tc=daemon:

Provide pkg/endlessh.login and endless6.login files instead. 1024x2 is
a bit high for the default kern.maxfiles, I would suggest not more than
512 for the installed file, users can change it if they need more.

Then because it is just using standard OS mechanisms there is no more
need for pkg/README.
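
The descriptor arithmetic from the README excerpt and the review comments above, as an added example (not part of the thread, the port or endlessh itself): it reads the openfiles capability from a login.conf fragment and computes the client ceiling each instance can actually reach. The four reserved descriptors, the sample MaxClients of 4096, the sample kern.maxfiles of 7030 and all function names are assumptions.

```c
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/resource.h>

/* Assumption: descriptors the daemon holds besides client sockets
 * (stdin, stdout, stderr, listening socket). Chosen so that the
 * README's 128-descriptor default yields its "about 124" clients. */
#define RESERVED_FDS 4

/* Constructed login.conf fragment: the README's entry for endlessh and
 * the 512 suggested in review for endlessh6. */
static const char SAMPLE_CONF[] =
    "endlessh:\\\n"
    "\t:openfiles=1024:\\\n"
    "\t:tc=daemon:\n"
    "endlessh6:\\\n"
    "\t:openfiles=512:\\\n"
    "\t:tc=daemon:\n";

/* Return the openfiles value of login class `cls`, or -1 if the class or
 * the capability is absent. A record starts at column 0 and runs until
 * the first newline that is not escaped by a backslash. */
long parse_openfiles(const char *conf, const char *cls)
{
    size_t n = strlen(cls);
    const char *p = conf;

    while (n > 0 && p != NULL && *p != '\0') {
        if (strncmp(p, cls, n) == 0 && p[n] == ':') {
            const char *q = p + n, *end = q;
            while (*end != '\0' && !(*end == '\n' && end[-1] != '\\'))
                end++;
            for (; q < end; q++)
                if (strncmp(q, ":openfiles=", 11) == 0)
                    return strtol(q + 11, NULL, 10);
            return -1;
        }
        p = strchr(p, '\n');        /* skip to the next line */
        if (p != NULL)
            p++;
    }
    return -1;
}

/* Client sockets that fit under a descriptor limit. */
long client_capacity(long nofile, long reserved)
{
    return nofile > reserved ? nofile - reserved : 0;
}

/* MaxClients the process can actually reach under that limit. */
long clamp_max_clients(long configured, long nofile, long reserved)
{
    long cap = client_capacity(nofile, reserved);
    return configured < cap ? configured : cap;
}

/* Soft RLIMIT_NOFILE of the running process, or -1 on error. */
long current_nofile(void)
{
    struct rlimit rl;
    if (getrlimit(RLIMIT_NOFILE, &rl) != 0)
        return -1;
    if (rl.rlim_cur == RLIM_INFINITY || rl.rlim_cur > (rlim_t)LONG_MAX)
        return LONG_MAX;
    return (long)rl.rlim_cur;
}

int main(void)
{
    const char *classes[] = { "endlessh", "endlessh6" };
    long configured = 4096;  /* sample MaxClients value (constructed) */
    long maxfiles = 7030;    /* sample; read yours with sysctl kern.maxfiles */
    long limits[2];

    for (int i = 0; i < 2; i++) {
        limits[i] = parse_openfiles(SAMPLE_CONF, classes[i]);
        printf("%-9s openfiles=%ld -> at most %ld clients\n", classes[i],
            limits[i], clamp_max_clients(configured, limits[i], RESERVED_FDS));
    }
    printf("default 128 descriptors -> at most %ld clients\n",
        clamp_max_clients(configured, 128, RESERVED_FDS));
    printf("left under kern.maxfiles=%ld if both fill up: %ld\n",
        maxfiles, maxfiles - limits[0] - limits[1]);
    printf("this process: RLIMIT_NOFILE=%ld\n", current_nofile());
    return 0;
}
```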



Re: NEW: net/endlessh

2022-12-18 Thread Janne Johansson
> this is a port for endlessh [1], an SSH tarpit that slowly sends an
> endless banner.
> Tested on amd64.

Works fine on mips64 too.
After looking at the code, this could be a good port to add arc4random
to, and perhaps the BSD list/tree macros, it seemed to have an
implementation of its own in there. Unfortunately, the GH repo seems
to indicate low activity last year, there were some good PRs not being
merged. 8-(

--
May the most significant bit of your life be positive.



Re: NEW: net/endlessh

2022-12-17 Thread Michael
On Sat, Dec 17, 2022 at 11:06:32AM +0100, Omar Polo wrote:
> On 2022/12/17 10:41:26 +0100, Pascal Stumpf  wrote:
> > On Sat, 17 Dec 2022 10:18:15 +0100, Pascal Stumpf wrote:
> > > A few tweaks:
> > > 
> > > * set MAKE_FLAGS so that the build respects CFLAGS
> > > * NO_TESTS = Yes
> > > * add README and endless.rc to the port itself, reformat, turn on -s per
> > >   default (syslog logging)
> > > * add dedicated _endlessh user
> > > * install a default config file into examples and @sample it
> > 
> > * correct Nm in endlessh.1
> 
> there's an extra patch-Makefile.orig in the tarball and
> pkg/endlessh.rc is executable when it doesn't need to.
> 
> ok for me with that fixed.

Thanks to Pascal and you for the tweaks.

I have tested the latest revision; works as expected and the changes 
seem fine to me. I took the liberty of fixing the last problems Omar 
mentioned in the attached port.

> 
> 
> in pkg/README I'd say to symlink /etc/rc.d/endlessh to endlessh6
> instead of copying it, less to worry when updating.
> 
> If I'm reading it correctly, it can't directly bind to 22 because it
> doesn't start as root, it would be nice to include an excerpt of the
> pf configuration to redirect the port 22 to .
> 
> I'd use a patch instead of perl -pi in post-install to tweak the
> configuration, it's more verbose but it's also more resilient to
> upstream changes to the file.
> 
> Including the diff for user.list in case it comes in handy to who
> would like to test it.
> 
> Index: user.list
> ===
> RCS file: /home/cvs/ports/infrastructure/db/user.list,v
> retrieving revision 1.413
> diff -u -p -r1.413 user.list
> --- user.list 14 Dec 2022 12:09:05 -  1.413
> +++ user.list 17 Dec 2022 09:50:27 -
> @@ -395,3 +395,4 @@ id  user  group   port
>  884 _iblock  _iblock net/iblock
>  885 _mycorrhiza  _mycorrhiza www/mycorrhiza
>  886 _eduvpn  _eduvpn net/eduvpn
> +887 _endlessh_endlessh   net/endlessh
> 


endlessh.tgz
Description: Binary data


Re: NEW: net/endlessh

2022-12-17 Thread Omar Polo
On 2022/12/17 10:41:26 +0100, Pascal Stumpf  wrote:
> On Sat, 17 Dec 2022 10:18:15 +0100, Pascal Stumpf wrote:
> > A few tweaks:
> > 
> > * set MAKE_FLAGS so that the build respects CFLAGS
> > * NO_TESTS = Yes
> > * add README and endless.rc to the port itself, reformat, turn on -s per
> >   default (syslog logging)
> > * add dedicated _endlessh user
> > * install a default config file into examples and @sample it
> 
> * correct Nm in endlessh.1

there's an extra patch-Makefile.orig in the tarball and
pkg/endlessh.rc is executable when it doesn't need to.

ok for me with that fixed.


in pkg/README I'd say to symlink /etc/rc.d/endlessh to endlessh6
instead of copying it, less to worry when updating.

If I'm reading it correctly, it can't directly bind to 22 because it
doesn't start as root, it would be nice to include an excerpt of the
pf configuration to redirect the port 22 to .

I'd use a patch instead of perl -pi in post-install to tweak the
configuration, it's more verbose but it's also more resilient to
upstream changes to the file.

Including the diff for user.list in case it comes in handy to who
would like to test it.

Index: user.list
===
RCS file: /home/cvs/ports/infrastructure/db/user.list,v
retrieving revision 1.413
diff -u -p -r1.413 user.list
--- user.list   14 Dec 2022 12:09:05 -  1.413
+++ user.list   17 Dec 2022 09:50:27 -
@@ -395,3 +395,4 @@ id  usergroup   port
 884 _iblock_iblock net/iblock
 885 _mycorrhiza_mycorrhiza www/mycorrhiza
 886 _eduvpn_eduvpn net/eduvpn
+887 _endlessh  _endlessh   net/endlessh
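
Review bot: On the added +887 line, re-check at commit time that id 887 is still the next free one, because the hunk is cut against revision 1.413 of the shared user.list and another new port could claim it first. The same 887 also has to be the id used for both the _endlessh user and the _endlessh group in the port's packing list, so that this entry and the installed package agree.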



Re: NEW: net/endlessh

2022-12-17 Thread Pascal Stumpf
On Sat, 17 Dec 2022 10:18:15 +0100, Pascal Stumpf wrote:
> A few tweaks:
> 
> * set MAKE_FLAGS so that the build respects CFLAGS
> * NO_TESTS = Yes
> * add README and endless.rc to the port itself, reformat, turn on -s per
>   default (syslog logging)
> * add dedicated _endlessh user
> * install a default config file into examples and @sample it

* correct Nm in endlessh.1

> On Fri, 16 Dec 2022 21:17:52 +0100, Michael wrote:
> > Hi ports,
> > 
> > this is a port for endlessh [1], an SSH tarpit that slowly sends an 
> > endless banner. From pkg/DESCR:
> > 
> > Endlessh is an SSH tarpit that very slowly sends an endless, random
> > SSH banner. It keeps SSH clients locked up for hours or even days at a
> > time. The purpose is to put your real SSH server on another port and
> > then let the script kiddies get stuck in this tarpit instead of
> > bothering a real server.
> > 
> > This uses the latest git commit since some OpenBSD specific files were 
> > added after version 1.1 got tagged. Same for some compiler warning 
> > fixes. I would like to switch back on using some release or tagged 
> > version as soon as it becomes available.
> > 
> > I am unsure if all lines in post-install are correct the way they are, 
> > however providing those files makes sense to me.
> > 
> > Tested on amd64.
> > 
> > 
> > [1] https://github.com/skeeto/endlessh
> > 
> >>> application/octet-stream attachment, name=endlessh.tar.gz
> 
>>> application/x-gzip attachment, name=endlessh.tgz


endlessh.tgz
Description: endlessh.tgz


Re: NEW: net/endlessh

2022-12-17 Thread Pascal Stumpf
A few tweaks:

* set MAKE_FLAGS so that the build respects CFLAGS
* NO_TESTS = Yes
* add README and endless.rc to the port itself, reformat, turn on -s per
  default (syslog logging)
* add dedicated _endlessh user
* install a default config file into examples and @sample it

On Fri, 16 Dec 2022 21:17:52 +0100, Michael wrote:
> Hi ports,
> 
> this is a port for endlessh [1], an SSH tarpit that slowly sends an 
> endless banner. From pkg/DESCR:
> 
> Endlessh is an SSH tarpit that very slowly sends an endless, random
> SSH banner. It keeps SSH clients locked up for hours or even days at a
> time. The purpose is to put your real SSH server on another port and
> then let the script kiddies get stuck in this tarpit instead of
> bothering a real server.
> 
> This uses the latest git commit since some OpenBSD specific files were 
> added after version 1.1 got tagged. Same for some compiler warning 
> fixes. I would like to switch back on using some release or tagged 
> version as soon as it becomes available.
> 
> I am unsure if all lines in post-install are correct the way they are, 
> however providing those files makes sense to me.
> 
> Tested on amd64.
> 
> 
> [1] https://github.com/skeeto/endlessh
> 
>>> application/octet-stream attachment, name=endlessh.tar.gz


endlessh.tgz
Description: endlessh.tgz


NEW: net/endlessh

2022-12-16 Thread Michael
Hi ports,

this is a port for endlessh [1], an SSH tarpit that slowly sends an 
endless banner. From pkg/DESCR:

Endlessh is an SSH tarpit that very slowly sends an endless, random
SSH banner. It keeps SSH clients locked up for hours or even days at a
time. The purpose is to put your real SSH server on another port and
then let the script kiddies get stuck in this tarpit instead of
bothering a real server.

This uses the latest git commit since some OpenBSD specific files were 
added after version 1.1 got tagged. Same for some compiler warning 
fixes. I would like to switch back on using some release or tagged 
version as soon as it becomes available.

I am unsure if all lines in post-install are correct the way they are, 
however providing those files makes sense to me.

Tested on amd64.


[1] https://github.com/skeeto/endlessh


endlessh.tar.gz
Description: Binary data