~skeeto/public-inbox

Re: Endlessh: an SSH Tarpit

Tim Chase
Message ID
<20200227225152.49a61a6e@bigbox.attlocal.net>
DKIM signature
missing
Is my understanding correct that endlessh only listens on the
external IP address, not on the local IP address?  If I try

  mylocalmachine$ telnet -4 myvps 2000

endlessh works as expected.  But if I SSH into my VPS machine and try

  myvps$ telnet 127.0.0.1 2000

the connection times out. Same for "-6" and "::1" for IPv6.

(feel free to stop reading here and ignore the rest if you're not
curious why I'd want to do a dumb thing like serve endlessh to
localhost)

Thanks!

-tim / @gumnos

gory details:

I know it seems a dumb thing to serve endlessh to localhost, but I
encountered an issue where FreeBSD's pf(4) divert-to only talks to
localhost.  I've set up a whole range of ports on either side of
my real SSH port to make it more annoying to find the real one unless
you actually know the real port number.  However, at least on FreeBSD, a
divert-to seems to only talk to 127.0.0.1 or ::1 rather than talking
on the external IP address.  I tried

 endlessh_port=2000
 real_ssh=2345
 ext_ip=192.168.1.32

 pass in log inet proto tcp from any to any port $endlessh_port
 pass in log inet proto tcp from any to any port 2001:2344 \
   divert-to $ext_ip port $endlessh_port
 pass in log inet proto tcp from any to any port 2346:2999 \
   divert-to $ext_ip port $endlessh_port

(with similar pairs for inet6.)  When loading, pf seems to ignore the
"ext_ip" bit and just use 127.0.0.1 instead.

I've worked around it by doing a "rdr" in pf to redirect the whole
swath of ports but my understanding is that divert-to should be more
resource-friendly.  In case you want to follow along, the pf.conf
that works (possibly after removing the backslashes):

 rdr pass on $if_external inet proto tcp \
   from any to any port 2001:2344 -> \
   $ip4_external port $endlessh_port

 rdr pass on $if_external inet proto tcp \
   from any to any port 2346:2999 -> \
   $ip4_external port $endlessh_port

Re: Endlessh: an SSH Tarpit

Message ID
<20200228135259.dodz46wussfbbx4k@nullprogram.com>
In-Reply-To
<20200227225152.49a61a6e@bigbox.attlocal.net>
DKIM signature
missing
It *should* be binding to all available interfaces. In the source you 
can see it uses INADDR_ANY or in6addr_any. This is currently not 
configurable, meaning you haven't accidentally changed it. Testing now 
on both Debian and FreeBSD, I can connect to Endlessh via localhost 
using telnet just as you showed. Perhaps you have a local system 
configuration that's causing an issue?

Your requirement to have the service available on localhost makes sense, 
and I'd expect Endlessh to support it.
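The reply's point is that a listener bound to the wildcard address (INADDR_ANY, or in6addr_any for IPv6) accepts connections arriving on any local address, loopback included, whereas a listener bound to one specific address does not. The following is an added example, not code from Endlessh or from either message in the thread: it binds an IPv4 listener to INADDR_ANY on an ephemeral port and checks that a client can reach it through 127.0.0.1, which is the check "telnet 127.0.0.1 2000" performs. For contrast it also binds a listener to 127.0.0.2 only and shows that 127.0.0.1 does not reach it. The IPv6 case with in6addr_any and ::1 is analogous. The port numbers and the 127.0.0.2 alias are assumptions of this example, and the whole thing runs locally with no network access.

```c
/* Added example (not Endlessh's code): does a wildcard-bound listener
 * accept connections from localhost, and does a listener bound to one
 * specific address accept connections aimed at a different address? */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <sys/socket.h>
#include <unistd.h>
#include <string.h>
#include <stdio.h>

/* Create a TCP listener bound to addr (host byte order) and port 0, so the
 * kernel picks a free ephemeral port. Returns the listening fd or -1, and
 * stores the chosen port (host byte order) in *port_out. */
static int listen_on(in_addr_t addr, int *port_out)
{
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    struct sockaddr_in sa;
    memset(&sa, 0, sizeof sa);
    sa.sin_family = AF_INET;
    sa.sin_addr.s_addr = htonl(addr);
    sa.sin_port = 0;
    if (bind(fd, (struct sockaddr *)&sa, sizeof sa) < 0 || listen(fd, 1) < 0) {
        close(fd);
        return -1;
    }
    socklen_t len = sizeof sa;
    if (getsockname(fd, (struct sockaddr *)&sa, &len) < 0) {
        close(fd);
        return -1;
    }
    *port_out = ntohs(sa.sin_port);
    return fd;
}

/* The client side of "telnet <ip> <port>": attempt a TCP connect to ip:port.
 * The kernel completes the handshake for a listening socket even before the
 * server calls accept(), so success means the listener is reachable. */
static int can_connect(const char *ip, int port)
{
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return 0;
    struct sockaddr_in sa;
    memset(&sa, 0, sizeof sa);
    sa.sin_family = AF_INET;
    sa.sin_port = htons(port);
    if (inet_pton(AF_INET, ip, &sa.sin_addr) != 1) {
        close(fd);
        return 0;
    }
    int ok = connect(fd, (struct sockaddr *)&sa, sizeof sa) == 0;
    close(fd);
    return ok;
}

/* Listener bound to INADDR_ANY, as Endlessh does. Returns 1 when it is
 * reachable via 127.0.0.1, 0 otherwise. */
int wildcard_listener_reachable_on_loopback(void)
{
    int port;
    int fd = listen_on(INADDR_ANY, &port);
    if (fd < 0) return 0;
    int ok = can_connect("127.0.0.1", port);
    close(fd);
    return ok;
}

/* Listener bound to the single address 127.0.0.2 (assumed to exist; it does
 * on Linux, which routes all of 127/8 to lo). Returns 1 if 127.0.0.1 reaches
 * it (it should not), 0 if the connect is refused, -1 if the bind itself
 * fails because the host has no such loopback alias. */
int specific_listener_reachable_on_loopback(void)
{
    int port;
    int fd = listen_on(0x7f000002u, &port); /* 127.0.0.2 */
    if (fd < 0) return -1;
    int ok = can_connect("127.0.0.1", port);
    close(fd);
    return ok;
}

int main(void)
{
    printf("INADDR_ANY listener reachable via 127.0.0.1: %d\n",
           wildcard_listener_reachable_on_loopback());
    printf("127.0.0.2 listener reachable via 127.0.0.1: %d\n",
           specific_listener_reachable_on_loopback());
    return 0;
}
```

Running this on a host where telnet to 127.0.0.1 times out, as described in the first message, separates the two explanations the thread is weighing: if the wildcard probe succeeds here, the bind is not the problem and the cause lies in local packet filtering or routing (a pf rule matching the loopback traffic, for instance) rather than in Endlessh.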