SSH Honeypot in 4 Minutes - Trap Hackers in Your Server

Please note that Endlessh is NOT meant to replace conventional SSH security methods. You should still set up public-key only authentication and 2FA, as well as tools like iptables, fail2ban and CrowdSec

silly question. Couldn't you just do an nmap scan and figure out the actual port is 69?

You should just have the banner be the bee movie script

You're video is straight to the point and doesn't waste my time to increase your channel view time. Thank you.

Don't run it on a production server or u might end up with 20k simultaneous ssh connections

2/10 no actual bonk meme included

Amusing, but I would rather setup fail2ban, as your real ssh server can still be hammered. Or do both

This is the least efficient way of "protecting" an SSH server I have ever seen, but also the funniest without a doubt

Wow a 5 minute video with 5 minutes of solid information. Not a 11 minute video with 2 minutes of eh information. You just earned yourself a sub and a spot on my whitelist, something very very few UA-camrs get from me.

I think in addition to changing your real SSH port, I would also say setting up the SSH server to only accept keys for login would be the next step

scripts will just adapt to close the connection after 10 second timeout and try another port

I need to know: how often do we have to open the server up to let the trapped hackers out?

Love this! There's a simple docker package as well in the docker hub, so quick to deploy! Thanks for bringing this project to me! Such a simple and powerful tarpit!!!

I've been setting up a game server, and I am TOTALLY DOING THIS. Thank you so much for making this video! It never occurred to me to have a 'false front' ssh login, and making it a time sink is a brilliant approach.

This is such a fantastic channel. Very well produced. Thanks Wolfgang.

I honestly love mitigation techniques like this one; they are simple, effective, and feel a bit trolly ;)

Damn I actually love Wolfgang's desk setup so much

moving your SSHD to another port is a good practice, however a simple nmap on your IP will reveal it. Real hacker's script usually does a kind of nmap to list possible vulnerabilities. Good video

Thanks for sharing this is pretty cool. True someone can script a timeout but the thought of slowing down even for 15 seconds seem to be worth it.

Dude your content is great, so glad i'm subscribed, keep it up ! :)