Fake SSH - Notes - Open wiki. Edit page – Debian weak PRNG and how to generate weak keysNote C'est une excellente idée surtout que le "ssh brute force" est toujours assez courant et que les solutions utilisant OpenSSH sont difficiles à modifier proprement. Cela permettrait de faire un honeypot à basse interaction sans avoir les risques de la suite logiciel OpenSSH.
Une bonne piste de travail est la librairie Paramiko (Python) qui implémente le protocole SSH au complet. L'idée modulaire qui permet d'avoir quelques commandes (surtout avec wget ;-) me semble aussi une excellente piste. Un module sur des failles d'authentification serait aussi fort utile : - module weak username/password - module clé RSA Debian (black-list) - module clé RSA acceptant toute les clés. Honey-ssh in Fake SSH. Fake SSH. HoneyPots. Shellinabox. Overview Shell In A Box implements a web server that can export arbitrary command line tools to a web based terminal emulator. This emulator is accessible to any JavaScript and CSS enabled web browser and does not require any additional browser plugins. Most typically, login shells would be exported this way: shellinaboxd -s /:LOGIN This command starts a web server at that allows users to login with their username and password and to get access to their login shell. All client-server communications are encrypted, if SSL/TLS certificates have been installed.
More details are available in the manual page. Demo As a demonstration of the terminal emulator's capabilities, we have connected it to a minimal BASIC interpreter. The BASIC interpreter is a work-in-progress. HoneyPot - Home - Open wiki. Documents, crypto(3) Crypto - OpenSSL cryptographic library The OpenSSL library implements a wide range of cryptographic algorithms used in various Internet standards. The services provided by this library are used by the OpenSSL implementations of SSL, TLS and S/MIME, and they have also been used to implement SSH, OpenPGP, and other cryptographic standards. consists of a number of sub-libraries that implement the individual algorithms.
The functionality includes symmetric encryption, public key cryptography and key agreement, certificate handling, cryptographic hash functions and a cryptographic pseudo-random number generator. dsa(3) , dh(3) , rsa(3) hmac(3) , md2(3) , md4(3) , md5(3) , mdc2(3) , ripemd(3) , sha(3) err(3) , threads(3) , rand(3) , OPENSSL_VERSION_NUMBER(3) Some of the newer functions follow a naming convention using the numbers and . Int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev); int X509_add1_trust_object(X509 *x, ASN1_OBJECT *obj); openssl(1) , ssl(3)
Libgcrypt - Free Software Directory - Free Software Foundation.