SSH-Tarpit
SSH honeypot that can read GeoIP databases and write the information to a SQLite or MySQL database. It can also be used as a tarpit to block hackers for some time.
Deployment
SQLite
Change the user/password and port in docker-compose.yml if needed, create the database file, and then start the container:
git clone https://git.rznet.fr/razian/ssh-tarpit.git
cd ssh-tarpit
vim docker-compose.yml
touch logs.db
docker-compose up -d
MySQL
Same as SQLite, but using the docker-compose-mysql.yml file:
git clone https://git.rznet.fr/razian/ssh-tarpit.git
cd ssh-tarpit
vim docker-compose-mysql.yml
docker-compose -f docker-compose-mysql.yml up -d
GeoIP
I use geoipupdate
Usage
Usage of ssh-tarpit:
  --db string
        Path to SQLite database (default "./logs.db")
  --geoip string
        Path to GeoIP databases
  --mysql_db string
        MySQL database (default "sshtarpit")
  --mysql_host string
        MySQL host (default "localhost")
  --mysql_pass string
        MySQL password
  --mysql_port string
        MySQL port (default "3306")
  --mysql_user string
        MySQL username
  --port string
        Port to listen on (default "2222")
  --tarpit
        Tarpit connections (default "false")
Description
Simple SSH honeypot with GeoIP and SQLite/MySQL output
https://grafana.rznet.fr/public-dashboards/775cca2a61834340b9ca5b40d2235b71