NAME¶

endless — An SSH tarpit

SYNOPSIS¶

DESCRIPTION¶

endless is an SSH tarpit that very slowly sends an endless, random SSH banner.

endless keeps SSH clients locked up for hours or even days at a time. The purpose is to put your real SSH server on another port and then let the script kiddies get stuck in this tarpit instead of bothering a real server.

Since the tarpit is in the banner before any cryptographic exchange occurs, this program doesn't depend on any cryptographic libraries. It's a simple, single-threaded, standalone C program. It uses poll() to trap multiple clients at a time.

The options are as follows:

-4

Forces endless to use IPv4 addresses only.

-6

Forces endless to use IPv6 addresses only.

-d delay

Message milliseconds delay. Default: 10000

-f config

Set and load config file. By default endless looks for /etc/endlessh/config.

-h

Print the help message and exit.

-l max banner length

Maximum banner line length (3-255). Default: 32

-m max clients

Maximum number of clients. Default: 4096

-p port

Set the listening port. By default endless listens on port 2222.

-s

Print diagnostics to syslog. By default endless prints them to standard output.

-v

Print diagnostics. Can be specified up to twice to increase verbosity.

-V

Causes endless to print version information and exit.

If endless receives the SIGTERM signal it will gracefully shut down the daemon, allowing it to write a complete, consistent log.

A SIGHUP signal requests a reload of its configuration file.

A SIGUSR1 signal will print connections stats to the log.

FILES¶

/etc/endlessh/config

The default endless configuration file.