hamburghammer-mirrors/sshlog
1
0
Fork 0
mirror of https://git.sr.ht/~hamburghammer/sshlog synced 2024-05-19 17:44:37 +02:00
Code Issues Projects Releases Wiki Activity
A small tool to log IPs, usernames and passwords from incoming ssh-auth requests.
19 commits 1 branch 10 tags 67 KiB
Go 92.9%
Dockerfile 7.1%
Go to file
Augusto Dwenger J. 26baa83da8
Add JSON logging option 
The connection information can now be displayed in JSON format. To
activate it use the '--json' flag. It will only format the connection
information in JSON everything else will be still in plain text.
2021-09-02 12:54:21 +02:00
util Add a README inside utils with systemd instructions 2021-06-18 21:26:20 +02:00
.dockerignore Add Docker setup 2021-09-01 23:02:37 +02:00
.gitignore Init commit 2021-06-16 23:09:13 +02:00
Dockerfile Add Docker setup 2021-09-01 23:02:37 +02:00
go.mod Update crypto dependency to newest version 2021-09-02 12:11:59 +02:00
go.sum Update crypto dependency to newest version 2021-09-02 12:11:59 +02:00
LICENSE Init commit 2021-06-16 23:09:13 +02:00
main.go Add JSON logging option 2021-09-02 12:54:21 +02:00
main_test.go Add ip to username and password log with new format 2021-06-16 23:10:05 +02:00
README.md Add JSON logging option 2021-09-02 12:54:21 +02:00

README.md

sshlog

A small tool to log IPs, usernames and passwords from incoming ssh-auth requests.

It opens a minimal SSH-Server and listens on IPv4 and IPv6 for auth requests. The goal of this little tool is to log the requests coming from bots living inside the wild internet.

Install

Make sure you have Golang installed and configured.

git clone https://git.sr.ht/~hamburghammer/sshlog
cd sshlog
go build

Now you should be able to execute the newly generated executable with ./sshlog.

Usage

Start with:

sshlog -p 2222

Output:

2021/06/02 23:08:31 Starting ssh logger on port 2222...
2021/06/02 23:08:52 SRC=127.0.0.1 USERNAME=test PASSWORD=foo
2021/06/02 23:08:53 SRC=127.0.0.1 USERNAME=test PASSWORD=foof
2021/06/02 23:08:54 SRC=127.0.0.1 USERNAME=test PASSWORD=fooof

Output with --json:

2021/09/02 12:43:42 Starting ssh logger on port 2222...
{"date": "2021-09-02T12:44:15+02:00", "src": "127.0.0.1", "username": "test", "password": "foo"}
{"date": "2021-09-02T12:44:18+02:00", "src": "127.0.0.1", "username": "test", "password": "foof"}
{"date": "2021-09-02T12:44:21+02:00", "src": "127.0.0.1", "username": "test", "password": "fooof"}

Options

A small tool to log IPs, usernames and passwords from incoming ssh-auth requests.

USAGE:
        sshlog [FLAGS]

FLAGS:
  -h, --help          Prints this help message and exits.
      --json          Log in JSON instead of plain text.
  -k, --key string    Path to the host key for the ssh server.
                      If absent it will automatically generate a new one for each run.
  -4, --onlyIPv4      Only listens on IPv4.
  -p, --port string   Port to listen for incoming connections. (default "22"))

Utils

Inside the util directory you might find some additional information like how to create Systemd service for sshlog.