Setup using Docker

Setup

Requirements

• An Operating System (currently only tested on Ubuntu, Debian and OpenBSD)
• Python 2.7
• Twisted (python-twisted)
• Cryptography (python-cryptography)
• Docker
• Docker python (docker-py)
• GeoIP python (python-geoip)
• service_identity python

Running

1. Edit honssh.cfg to your liking
2. Disable HONEYPOT STATIC: enabled = false
3. Enable HONEYPOT DOCKER: enabled = true
4. Enable both pre-auth and post-auth
5. Set image = to a Docker image that has sshd installed and running like rastasheep/ubuntu-sshd:14.04 (Dont forget to pull the image using docker pull <image>) Tips: If you are using the example docker image, don't forget to change launch_cmd to another command because sshd is already running inside the container.
6. Set honey_port to the port that the Openssh of the docker image is listening to.
7. Start honssh using:

./honsshctrl.sh START

honsshctrl.sh is a shell script (provided by Black September) that runs HonSSH in the background using twistd. Use 'honsshctrl.sh HELP' for more options.

You can also run it manually with more configuration options. For example, to run in the foreground use:

twistd -y honssh.tac -p honssh.pid -n

Troubleshooting

Error : No module named honssh after installed the requirements using pip

Try adding the PYTHONPATH to the Linux vars:

export PYTHONPATH="$PYTHONPATH:/folder/to/honssh"

The connection hangs and reply with no output

1. Copy the SSH banner using telnet (example: SSH-2.0-OpenSSH_6.7p1 Debian-5+deb8u3):

• telnet 127.0.0.1 22
• exit

2. Put it into the config file honssh.cfg at the var ssh_banner =.

Error : no matching key exchange method found. Their offer: diffie-hellman-group1-sha1

Upgrade the requirements using pip:

pip install twisted cryptography --upgrade