Compare commits

...

4 commits

Author SHA1 Message Date
fc61e9f469
Adjust README section titel heights 2021-09-02 12:58:57 +02:00
26baa83da8
Add JSON logging option
The connection information can now be displayed in JSON format. To
activate it use the '--json' flag. It will only format the connection
information in JSON everything else will be still in plain text.
2021-09-02 12:54:21 +02:00
a63e9965f2
Fix not loading key from path if given as param 2021-09-02 12:17:22 +02:00
a3eddde736
Update crypto dependency to newest version 2021-09-02 12:11:59 +02:00
4 changed files with 38 additions and 12 deletions

View file

@ -4,7 +4,7 @@ A small tool to log IPs, usernames and passwords from incoming ssh-auth requests
It opens a minimal SSH-Server and listens on IPv4 and IPv6 for auth requests. It opens a minimal SSH-Server and listens on IPv4 and IPv6 for auth requests.
The goal of this little tool is to log the requests coming from bots living inside the wild internet. The goal of this little tool is to log the requests coming from bots living inside the wild internet.
# Install ## Install
Make sure you have Golang installed and configured. Make sure you have Golang installed and configured.
```shell ```shell
git clone https://git.sr.ht/~hamburghammer/sshlog git clone https://git.sr.ht/~hamburghammer/sshlog
@ -13,7 +13,7 @@ go build
``` ```
Now you should be able to execute the newly generated executable with `./sshlog`. Now you should be able to execute the newly generated executable with `./sshlog`.
# Usage ## Usage
Start with: Start with:
```shell ```shell
sshlog -p 2222 sshlog -p 2222
@ -27,7 +27,15 @@ Output:
2021/06/02 23:08:54 SRC=127.0.0.1 USERNAME=test PASSWORD=fooof 2021/06/02 23:08:54 SRC=127.0.0.1 USERNAME=test PASSWORD=fooof
``` ```
## Options Output with `--json`:
```text
2021/09/02 12:43:42 Starting ssh logger on port 2222...
{"date": "2021-09-02T12:44:15+02:00", "src": "127.0.0.1", "username": "test", "password": "foo"}
{"date": "2021-09-02T12:44:18+02:00", "src": "127.0.0.1", "username": "test", "password": "foof"}
{"date": "2021-09-02T12:44:21+02:00", "src": "127.0.0.1", "username": "test", "password": "fooof"}
```
### Options
```text ```text
A small tool to log IPs, usernames and passwords from incoming ssh-auth requests. A small tool to log IPs, usernames and passwords from incoming ssh-auth requests.
@ -36,12 +44,13 @@ USAGE:
FLAGS: FLAGS:
-h, --help Prints this help message and exits. -h, --help Prints this help message and exits.
--json Log in JSON instead of plain text.
-k, --key string Path to the host key for the ssh server. -k, --key string Path to the host key for the ssh server.
If absent it will automatically generate a new one for each run. If absent it will automatically generate a new one for each run.
-4, --onlyIPv4 Only listens on IPv4. -4, --onlyIPv4 Only listens on IPv4.
-p, --port string Port to listen for incoming connections. (default "22")) -p, --port string Port to listen for incoming connections. (default "22"))
``` ```
# Utils ## Utils
Inside the `util` directory you might find some additional information like how to create Systemd service for sshlog. Inside the `util` directory you might find some additional information like how to create Systemd service for sshlog.

2
go.mod
View file

@ -4,5 +4,5 @@ go 1.16
require ( require (
github.com/spf13/pflag v1.0.5 github.com/spf13/pflag v1.0.5
golang.org/x/crypto v0.0.0-20210513164829-c07d793c2f9a golang.org/x/crypto v0.0.0-20210817164053-32db794688a5
) )

7
go.sum
View file

@ -1,10 +1,11 @@
github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
golang.org/x/crypto v0.0.0-20210513164829-c07d793c2f9a h1:kr2P4QFmQr29mSLA43kwrOcgcReGTfbE9N577tCTuBc= golang.org/x/crypto v0.0.0-20210817164053-32db794688a5 h1:HWj/xjIHfjYU5nVXpTM0s39J9CbLn7Cc5a7IC5rwsMQ=
golang.org/x/crypto v0.0.0-20210513164829-c07d793c2f9a/go.mod h1:P+XmwS30IXTQdn5tA2iutPOUgjI07+tq3H3K9MVA1s8= golang.org/x/crypto v0.0.0-20210817164053-32db794688a5/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
golang.org/x/sys v0.0.0-20201119102817-f84b799fce68 h1:nxC68pudNYkKU6jWhgrqdreuFiOQWj1Fs7T3VrH4Pjw=
golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1 h1:SrN+KX8Art/Sf4HNj6Zcz06G7VEz+7w9tdXTPOZ7+l4=
golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1 h1:v+OssWQX+hTHEmOBgwxdZxK4zHq3yOs8F9J7mk0PY8E= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1 h1:v+OssWQX+hTHEmOBgwxdZxK4zHq3yOs8F9J7mk0PY8E=
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=

24
main.go
View file

@ -12,6 +12,7 @@ import (
"os" "os"
"strings" "strings"
"sync" "sync"
"time"
flags "github.com/spf13/pflag" flags "github.com/spf13/pflag"
@ -23,6 +24,7 @@ var (
isHelp bool isHelp bool
keyPath string keyPath string
onlyIPv4 bool onlyIPv4 bool
isJson bool
) )
func init() { func init() {
@ -30,6 +32,7 @@ func init() {
flags.StringVarP(&keyPath, "key", "k", "", "Path to the host key for the ssh server.\nIf absent it will automatically generate a new one for each run.") flags.StringVarP(&keyPath, "key", "k", "", "Path to the host key for the ssh server.\nIf absent it will automatically generate a new one for each run.")
flags.BoolVarP(&isHelp, "help", "h", false, "Prints this help message and exits.") flags.BoolVarP(&isHelp, "help", "h", false, "Prints this help message and exits.")
flags.BoolVarP(&onlyIPv4, "onlyIPv4", "4", false, "Only listens on IPv4.") flags.BoolVarP(&onlyIPv4, "onlyIPv4", "4", false, "Only listens on IPv4.")
flags.BoolVar(&isJson, "json", false, "Log in JSON instead of plain text.")
flags.Parse() flags.Parse()
} }
@ -82,12 +85,13 @@ func startAccepting(listener net.Listener, hostKey ssh.Signer) {
func getKey(path string) []byte { func getKey(path string) []byte {
if path != "" { if path != "" {
privateBytes, err := ioutil.ReadFile("private-key.pem") privateBytes, err := ioutil.ReadFile(path)
if err != nil { if err != nil {
log.Fatalf("Failed to load private key (%s)", path) log.Fatalf("Failed to load private key: %s", path)
} }
return privateBytes return privateBytes
} }
privatekey, err := rsa.GenerateKey(rand.Reader, 2048) privatekey, err := rsa.GenerateKey(rand.Reader, 2048)
if err != nil { if err != nil {
log.Fatalf("Cannot generate RSA key\n") log.Fatalf("Cannot generate RSA key\n")
@ -105,9 +109,21 @@ func getKey(path string) []byte {
func PrintData(con net.Conn, hostKey ssh.Signer) { func PrintData(con net.Conn, hostKey ssh.Signer) {
serverConfig := ssh.ServerConfig{PasswordCallback: func(conn ssh.ConnMetadata, password []byte) (*ssh.Permissions, error) { serverConfig := ssh.ServerConfig{PasswordCallback: func(conn ssh.ConnMetadata, password []byte) (*ssh.Permissions, error) {
log.Printf("SRC=%s USERNAME=%s PASSWORD=%s\n", getIPWithoutPort(conn.RemoteAddr().String()), conn.User(), string(password)) ip := getIPWithoutPort(conn.RemoteAddr().String())
return nil, fmt.Errorf("password rejected for %q", conn.User()) if isJson {
fmt.Printf(
"{\"date\": \"%s\", \"src\": \"%s\", \"username\": \"%s\", \"password\": \"%s\"}\n",
time.Now().Format(time.RFC3339),
ip,
conn.User(),
string(password),
)
} else {
log.Printf("SRC=%s USERNAME=%s PASSWORD=%s\n", ip, conn.User(), string(password))
}
return nil, fmt.Errorf("password rejected for %s", conn.User())
}} }}
serverConfig.AddHostKey(hostKey) serverConfig.AddHostKey(hostKey)