How to use sshoney.py (SSH Honeypot)

sshoney.py is a simple Python-based SSH honeypot that can be used for conducting security research. Login attempts and login data (ip:username:password) are recorded to a local “credentials.txt” file, which you can review at any time. The setup instructions below are exclusively for the Debian distribution.

Before running the sshoney.py script, you need to generate an RSA key pair, which the script uses when a login attempt is made against the honeypot. To generate the key pair, follow the instructions below.

Generate an RSA key pair using ssh-keygen. When prompted, enter the location where the key pair will be stored. In this example I simply stored them in the /tmp directory.

```
/tmp/id_rsa      # private key
/tmp/id_rsa.pub  # public key
```

Enter no passphrase when prompted. We won’t be using a passphrase with our RSA private key.

```
$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/user/.ssh/id_rsa): /tmp/id_rsa
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /tmp/id_rsa
Your public key has been saved in /tmp/id_rsa.pub
The key fingerprint is:
SHA256:YrepKXqCq4R0+24sIAdTg7g4iZz+B2cffqxq/I6wwPA
The key's randomart image is:
+---[RSA 3072]----+
|.. |
|o o |
|++.. |
|Oo |
|o= . o S |
|*+o..+ + o |
|o*Eo* o = |
|o oo**.= o |
|+..=***+o |
+----[SHA256]-----+
```

Within the sshoney.py script, you will need to specify the private RSA key, as in the source code below.

```
rsa_key = '/tmp/id_rsa'  # RSA host key
par_rsa_key = paramiko.RSAKey(filename=rsa_key)
```

You can now run sshoney.py. It will bind to port 22.

If you would like to run sshoney.py as a daemon at startup, you will need to fill out the following daemon skeleton file.
Create this file as follows:

```
# vim /etc/systemd/system/sshoney.service
```

```
[Unit]
Description=sshoney.py
After=network.target

[Service]
Type=simple
WorkingDirectory=/path/to/sshoney/
ExecStart=python3.11 sshoney.py
Restart=always

[Install]
WantedBy=multi-user.target
```

In the next step, you will activate the script to run as a daemon using the following commands. Once the unit file is in /etc/systemd/system, systemctl refers to it by unit name rather than by file path.

```
# vim /etc/systemd/system/sshoney.service
# systemctl daemon-reload
# systemctl enable sshoney.service
# systemctl start sshoney.service
# systemctl status sshoney.service
```

You can find the source code and additional instructions for the SSH Honeypot here: https://github.com/ultros/sshoney

This honeypot was run for four months and it collected just over 45,000 passwords. The sorted and de-duped list can be found at: https://www.cybertutorials.org/downloads/sshoney-password-list-1-13-23.txt

Here are the top collected passwords (count, then password):

```
156 Password123!
159 Abc123
159 [email protected]
161 Admin123456
162 password1!
162 support
168 2022
173 102030
173 [email protected]
174 123qwe
175 [email protected]
180 [email protected]
181 passw0rd
182 123.com
184 Huawei12#$
192 dgtij24jti3u3ji4rg
193 11111111
194 1q2w3e4r
194 [email protected]
194 [email protected]
207
207 Admin123
208 default
210 password123
212 abcd1234
217 0
219 000000
220 ftp
233 1qaz2wsx
241 abc123
254 J5cmmu=Kyf0-br8CsW
283 raspberry
285 passwd
289 ubnt
296 pass
309 123123
309 test123
328 1234567890
329 1234567
333 user
372 111111
404 admin123
448 [email protected]
456 toor
457 ubuntu
476 123456789
486 guest
530 qwerty
697 12345678
810 1
872 root
967 test
1052 12345
1154 admin
1166 [email protected]
1563 password
1571 1234
1791 123
7376 123456
```

By Jesse Shelley | January 14, 2023 | Code, Tutorials
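The following is an added example, not part of sshoney or the original post, showing one way to tally credentials.txt records into a ranked password list like the one above while noting how many distinct sources tried each password. It assumes one ip:username:password record per line with IPv4 source addresses; the sample lines and function names are constructed for illustration.

```python
from collections import Counter

# Constructed sample in the ip:username:password layout the article describes.
SAMPLE = """\
203.0.113.7:root:123456
203.0.113.7:admin:admin
198.51.100.23:root:123456
198.51.100.23:pi:raspberry
192.0.2.44:root:pa:ss:word
192.0.2.44:ubnt:
not a credential line
"""

def parse_line(line):
    """Split one record into (ip, username, password), or None if malformed.

    maxsplit=2 keeps colons inside the password intact, and an empty
    password is valid. Assumes an IPv4 source and a username without ':'.
    """
    parts = line.rstrip("\n").split(":", 2)
    if len(parts) != 3 or not parts[0] or not parts[1]:
        return None
    return tuple(parts)

def summarize(text):
    """Return (password Counter, {password: set of source IPs}, skipped)."""
    counts, sources, skipped = Counter(), {}, 0
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            skipped += 1
            continue
        ip, _user, password = rec
        counts[password] += 1
        sources.setdefault(password, set()).add(ip)
    return counts, sources, skipped

def report(text, top=5):
    """Format the top passwords as count-then-password rows, ascending."""
    counts, sources, _ = summarize(text)
    rows = sorted(counts.most_common(top), key=lambda kv: kv[1])
    return [f"{n:>7} {pw!r} from {len(sources[pw])} IP(s)" for pw, n in rows]

if __name__ == "__main__":
    print("\n".join(report(SAMPLE)))
```

A password attempted from many distinct addresses points to a shared wordlist, while a high count from a single address is one noisy client.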