sshlog

A small tool to log IPs, usernames and passwords from incoming ssh-auth requests.

It opens a minimal SSH-Server and listens on IPv4 and IPv6 for auth requests. The goal of this little tool is to log the requests coming from bots living inside the wild internet.

Install

Make sure you have Golang installed and configured.

git clone https://git.sr.ht/~hamburghammer/sshlog
cd sshlog
go build

Now you should be able to execute the newly generated executable with ./sshlog.

Usage

Start with:

sshlog -a 0.0.0.0:2222

Output:

2021/06/02 23:08:31 Starting ssh logger on 0.0.0.0:2222...
2021/06/02 23:08:52 SRC=127.0.0.1 USERNAME=test PASSWORD=foo
2021/06/02 23:08:53 SRC=127.0.0.1 USERNAME=test PASSWORD=foof
2021/06/02 23:08:54 SRC=127.0.0.1 USERNAME=test PASSWORD=fooof

Output with --json:

2021/09/02 12:43:42 Starting ssh logger on 0.0.0.0:2222...
{"date": "2021-09-02T12:44:15+02:00", "src": "127.0.0.1", "username": "test", "password": "foo"}
{"date": "2021-09-02T12:44:18+02:00", "src": "127.0.0.1", "username": "test", "password": "foof"}
{"date": "2021-09-02T12:44:21+02:00", "src": "127.0.0.1", "username": "test", "password": "fooof"}

Options

A small tool to log IPs, usernames and passwords from incoming ssh-auth requests.

USAGE:
        sshlog [FLAGS]

FLAGS:
  -a, --address string   Address to listen for incoming connections. (default "0.0.0.0:22")
  -h, --help             Prints this help message and exits.
      --json             Log in JSON instead of plain text.
  -k, --key string       Path to the host key for the ssh server.
                         If absent it will automatically generate a new one for each run.

Utils

Inside the util directory you might find some additional information like how to create Systemd service for sshlog.

License

This project is being licensed under the MIT license.