2021-06-01 23:05:41 +02:00
|
|
|
# sshlog
|
2021-06-03 00:19:56 +02:00
|
|
|
A small tool to log IPs, usernames and passwords from incoming ssh-auth requests.
|
2021-06-02 23:50:16 +02:00
|
|
|
|
|
|
|
It opens a minimal SSH-Server and listens on IPv4 and IPv6 for auth requests.
|
|
|
|
The goal of this little tool is to log the requests coming from bots living inside the wild internet.
|
2021-06-01 23:05:41 +02:00
|
|
|
|
2021-09-02 12:58:57 +02:00
|
|
|
## Install
|
2021-06-01 23:05:41 +02:00
|
|
|
Make sure you have Golang installed and configured.
|
|
|
|
```shell
|
2021-06-17 00:11:03 +02:00
|
|
|
git clone https://git.sr.ht/~hamburghammer/sshlog
|
2021-06-01 23:05:41 +02:00
|
|
|
cd sshlog
|
2021-06-02 23:50:16 +02:00
|
|
|
go build
|
2021-06-01 23:05:41 +02:00
|
|
|
```
|
2021-06-02 23:50:16 +02:00
|
|
|
Now you should be able to execute the newly generated executable with `./sshlog`.
|
2021-06-01 23:05:41 +02:00
|
|
|
|
2021-09-02 12:58:57 +02:00
|
|
|
## Usage
|
2021-06-01 23:05:41 +02:00
|
|
|
Start with:
|
|
|
|
```shell
|
2024-09-29 23:15:18 +02:00
|
|
|
sshlog -a 0.0.0.0:2222
|
2021-06-01 23:05:41 +02:00
|
|
|
```
|
|
|
|
|
|
|
|
Output:
|
|
|
|
```text
|
2024-09-29 23:15:18 +02:00
|
|
|
2021/06/02 23:08:31 Starting ssh logger on 0.0.0.0:2222...
|
2021-06-02 23:50:16 +02:00
|
|
|
2021/06/02 23:08:52 SRC=127.0.0.1 USERNAME=test PASSWORD=foo
|
|
|
|
2021/06/02 23:08:53 SRC=127.0.0.1 USERNAME=test PASSWORD=foof
|
|
|
|
2021/06/02 23:08:54 SRC=127.0.0.1 USERNAME=test PASSWORD=fooof
|
|
|
|
```
|
|
|
|
|
2021-09-02 12:54:21 +02:00
|
|
|
Output with `--json`:
|
|
|
|
```text
|
2024-09-29 23:15:18 +02:00
|
|
|
2021/09/02 12:43:42 Starting ssh logger on 0.0.0.0:2222...
|
2021-09-02 12:54:21 +02:00
|
|
|
{"date": "2021-09-02T12:44:15+02:00", "src": "127.0.0.1", "username": "test", "password": "foo"}
|
|
|
|
{"date": "2021-09-02T12:44:18+02:00", "src": "127.0.0.1", "username": "test", "password": "foof"}
|
|
|
|
{"date": "2021-09-02T12:44:21+02:00", "src": "127.0.0.1", "username": "test", "password": "fooof"}
|
|
|
|
```
|
|
|
|
|
2021-09-02 12:58:57 +02:00
|
|
|
### Options
|
2021-06-02 23:50:16 +02:00
|
|
|
```text
|
2021-06-03 00:19:56 +02:00
|
|
|
A small tool to log IPs, usernames and passwords from incoming ssh-auth requests.
|
2021-06-02 23:50:16 +02:00
|
|
|
|
|
|
|
USAGE:
|
|
|
|
sshlog [FLAGS]
|
|
|
|
|
|
|
|
FLAGS:
|
2024-09-29 23:15:18 +02:00
|
|
|
-a, --address string Address to listen for incoming connections. (default "0.0.0.0:22")
|
|
|
|
-h, --help Prints this help message and exits.
|
|
|
|
--json Log in JSON instead of plain text.
|
|
|
|
-k, --key string Path to the host key for the ssh server.
|
|
|
|
If absent it will automatically generate a new one for each run.
|
2021-06-01 23:05:41 +02:00
|
|
|
```
|
2021-06-17 23:36:52 +02:00
|
|
|
|
2021-09-02 12:58:57 +02:00
|
|
|
## Utils
|
2021-06-17 23:36:52 +02:00
|
|
|
Inside the `util` directory you might find some additional information like how to create Systemd service for sshlog.
|
|
|
|
|
2022-05-21 16:15:44 +02:00
|
|
|
## License
|
|
|
|
This project is being licensed under the [MIT license](LICENSE).
|