SSH Honeypot

1. #!/usr/bin/env python
2. #
3. # This file was part of rapidssh - http://bitbucket.org/gnotaras/rapidssh/
4.  
5. import sys
6. import time
7.  
8. from twisted.conch.unix import UnixSSHRealm
9. from twisted.cred import portal
10. from twisted.cred.credentials import IUsernamePassword
11. from twisted.cred.checkers import ICredentialsChecker
12. from twisted.cred.error import UnauthorizedLogin
13. from twisted.conch.checkers import SSHPublicKeyDatabase
14. from twisted.conch.ssh import factory, userauth, connection, keys, session
15. from twisted.internet import reactor, defer
16. from zope.interface import implements
17. from twisted.python import log
18.  
19. # Logging
20. # Currently logging to STDERR
21. #log.startLogging(sys.stdout)
22.  
23. accesslog = "access.log"
24.  
25. # Server-side public and private keys. These are the keys found in
26. # sshsimpleserver.py. Make sure you generate your own using ssh-keygen!
27.  
28. publicKey = 'ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAGEArzJx8OYOnJmzf4tfBEvLi8DVPrJ3/c9k2I/Az64fxjHf9imyRJbixtQhlH9lfNjUIx+4LmrJH5QNRsFporcHDKOTwTTYLh5KmRpslkYHRivcJSkbh/C+BR3utDS555mV'
29.  
30. privateKey = """-----BEGIN RSA PRIVATE KEY-----
31. MIIByAIBAAJhAK8ycfDmDpyZs3+LXwRLy4vA1T6yd/3PZNiPwM+uH8Yx3/YpskSW
32. 4sbUIZR/ZXzY1CMfuC5qyR+UDUbBaaK3Bwyjk8E02C4eSpkabJZGB0Yr3CUpG4fw
33. vgUd7rQ0ueeZlQIBIwJgbh+1VZfr7WftK5lu7MHtqE1S1vPWZQYE3+VUn8yJADyb
34. Z4fsZaCrzW9lkIqXkE3GIY+ojdhZhkO1gbG0118sIgphwSWKRxK0mvh6ERxKqIt1
35. xJEJO74EykXZV4oNJ8sjAjEA3J9r2ZghVhGN6V8DnQrTk24Td0E8hU8AcP0FVP+8
36. PQm/g/aXf2QQkQT+omdHVEJrAjEAy0pL0EBH6EVS98evDCBtQw22OZT52qXlAwZ2
37. gyTriKFVoqjeEjt3SZKKqXHSApP/AjBLpF99zcJJZRq2abgYlf9lv1chkrWqDHUu
38. DZttmYJeEfiFBBavVYIF1dOlZT0G8jMCMBc7sOSZodFnAiryP+Qg9otSBjJ3bQML
39. pSTqy7c3a2AScC/YyOwkDaICHnnD3XyjMwIxALRzl0tQEKMXs6hH8ToUdlLROCrP
40. EhQ0wahUTCk1gKA4uPD6TMTChavbh4K63OvbKg==
41. -----END RSA PRIVATE KEY-----"""
42.  
43.  
44. class PamPasswordDatabase:
45.     credentialInterfaces = IUsernamePassword,
46.     implements(ICredentialsChecker)
47.  
48.     def requestAvatarId(self, credentials):
49.         a = open(accesslog,"a")
50.         a.write(str(time.time()) + "\t" + credentials.username + "\t" + credentials.password + "\n")
51.         a.close()
52.         return defer.fail(UnauthorizedLogin("invalid password"))
53.         print dir(credentials)
54.         # if pam.authenticate(credentials.username, credentials.password):
55.         #     return defer.succeed(credentials.username)
56.         # return defer.fail(UnauthorizedLogin("invalid password"))
57.  
58.  
59. class UnixSSHdFactory(factory.SSHFactory):
60.     publicKeys = {
61.         'ssh-rsa': keys.Key.fromString(data=publicKey)
62.     }
63.     privateKeys = {
64.         'ssh-rsa': keys.Key.fromString(data=privateKey)
65.     }
66.     services = {
67.         'ssh-userauth': userauth.SSHUserAuthServer,
68.         'ssh-connection': connection.SSHConnection
69.     }
70.  
71. # Components have already been registered in twisted.conch.unix
72.  
73. portal = portal.Portal(UnixSSHRealm())
74. portal.registerChecker(PamPasswordDatabase())   # Supports PAM
75. #portal.registerChecker(SSHPublicKeyDatabase())  # Supports PKI
76. UnixSSHdFactory.portal = portal
77.  
78. if __name__ == '__main__':
79.     reactor.listenTCP(9091, UnixSSHdFactory())
80.     reactor.run()
81.