A small tool to log IPs, usernames and passwords from incoming ssh-auth requests.
Go to file
Augusto Dwenger J. b5c2560358 Replace deprecated ioutil.ReadFile with new func from os 2023-09-21 23:16:03 +02:00
util Add a README inside utils with systemd instructions 2021-06-18 21:26:20 +02:00
.dockerignore Add Docker setup 2021-09-01 23:02:37 +02:00
.gitignore Init commit 2021-06-16 23:09:13 +02:00
Dockerfile Increase project golang version to 1.19 2022-08-11 18:16:32 +02:00
LICENSE Update copyright holder information 2022-05-21 16:13:08 +02:00
README.md Add a license section to the README 2022-05-21 16:15:44 +02:00
go.mod Update crypto lib 2023-09-14 19:09:32 +02:00
go.sum Update crypto lib 2023-09-14 19:09:32 +02:00
main.go Replace deprecated ioutil.ReadFile with new func from os 2023-09-21 23:16:03 +02:00

README.md

sshlog

A small tool to log IPs, usernames and passwords from incoming ssh-auth requests.

It opens a minimal SSH-Server and listens on IPv4 and IPv6 for auth requests. The goal of this little tool is to log the requests coming from bots living inside the wild internet.

Install

Make sure you have Golang installed and configured.

git clone https://git.sr.ht/~hamburghammer/sshlog
cd sshlog
go build

Now you should be able to execute the newly generated executable with ./sshlog.

Usage

Start with:

sshlog -p 2222

Output:

2021/06/02 23:08:31 Starting ssh logger on port 2222...
2021/06/02 23:08:52 SRC=127.0.0.1 USERNAME=test PASSWORD=foo
2021/06/02 23:08:53 SRC=127.0.0.1 USERNAME=test PASSWORD=foof
2021/06/02 23:08:54 SRC=127.0.0.1 USERNAME=test PASSWORD=fooof

Output with --json:

2021/09/02 12:43:42 Starting ssh logger on port 2222...
{"date": "2021-09-02T12:44:15+02:00", "src": "127.0.0.1", "username": "test", "password": "foo"}
{"date": "2021-09-02T12:44:18+02:00", "src": "127.0.0.1", "username": "test", "password": "foof"}
{"date": "2021-09-02T12:44:21+02:00", "src": "127.0.0.1", "username": "test", "password": "fooof"}

Options

A small tool to log IPs, usernames and passwords from incoming ssh-auth requests.

USAGE:
        sshlog [FLAGS]

FLAGS:
  -h, --help          Prints this help message and exits.
      --json          Log in JSON instead of plain text.
  -k, --key string    Path to the host key for the ssh server.
                      If absent it will automatically generate a new one for each run.
  -4, --onlyIPv4      Only listens on IPv4.
  -p, --port string   Port to listen for incoming connections. (default "22"))

Utils

Inside the util directory you might find some additional information like how to create Systemd service for sshlog.

License

This project is being licensed under the MIT license.