Endless SSH Tarpit on Debian

Tarpitting SSH with Endlessh

I had a smug moment when I saw security researcher Rob Ricci and friends’ paper empirically analysing brute-force attacks against SSH “in the wild”.1 It turns out that putting all your SSH servers on “weird” port numbers – which I’ve routinely done for over a decade – remains a pretty effective way to stop all that unwanted traffic2, whether or not you decide to enhance that with some fail2ban magic.

But then I saw a comment about Endlessh. Endlessh3 acts like an SSH server but then basically reverse-Slow-Loris’s the connecting client, very gradually feeding it an infinitely-long SSH banner and hanging it for… well, maybe 15 seconds or so but possibly up to a week.

Installing an Endlessh tarpit on Debian 12

I was just setting up a new Debian 12 server when I learned about this. I’d already moved the SSH server port away from the default of 22 (see footnote 4), so I figured I’d launch Endlessh on port 22 to slow down and annoy scanners.

Installation wasn’t as easy as I’d hoped considering there’s a package. Here’s what I needed to do:

  1. Move any existing SSH server to a different port, if you haven’t already, e.g. as shown in the footnotes.
  2. Install the package, e.g.: sudo apt update && sudo apt install -y endlessh
  3. Permit Endlessh to run on port 22: sudo setcap 'cap_net_bind_service=+ep' /usr/bin/endlessh
  4. Modify /etc/systemd/system/multi-user.target.wants/endlessh.service in the following ways:
    1. uncomment AmbientCapabilities=CAP_NET_BIND_SERVICE
    2. comment PrivateUsers=true
    3. change InaccessiblePaths=/run /var into InaccessiblePaths=/var
  5. Reload the modified service: sudo systemctl daemon-reload
  6. Configure Endlessh to run on port 22 rather than its default of 2222: echo "Port 22" | sudo tee /etc/endlessh/config
  7. Start Endlessh: sudo service endlessh start

To test if it’s working, connect to your SSH server on port 22 with your client in verbose mode, e.g. ssh -vp22 example.com, and look for banner lines full of random garbage appearing at 10-second intervals.
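To make the mechanism concrete, here is an added example (my own, not Endlessh’s code and not from the original post) of a tiny Endlessh-style tarpit plus a probe that does in code what the ssh -v check above does by eye. It relies on the same RFC 4253 detail Endlessh exploits: a server may send any number of CRLF-terminated lines before its real “SSH-2.0-…” version string, as long as none of them starts with “SSH-”, and a client has to keep reading until the version string arrives. The tarpit simply never sends it. The 50 ms delay, the fixed random seed, the short line lengths and the use of an ephemeral localhost port are all assumptions for a quick local demo; Endlessh’s real defaults (port 2222, ten seconds between lines) are the ones the post describes.

```python
"""Minimal Endlessh-style SSH tarpit and a probe that recognises one.

Added example, not Endlessh's own code. Delays, seed and line lengths are
assumptions chosen so the demo finishes in well under a second.
"""
import asyncio
import random
import string
import time

# No '-' in the alphabet, so a junk line can never begin with "SSH-"
# (RFC 4253 s4.2 forbids that for pre-version lines).
ALPHABET = string.ascii_letters + string.digits


def banner_line(rng, max_len=32):
    """One pre-version 'banner' line: random junk, CRLF-terminated."""
    length = rng.randint(3, max_len)
    return ("".join(rng.choice(ALPHABET) for _ in range(length)) + "\r\n").encode("ascii")


class Tarpit:
    """Accepts connections and trickles junk lines to each one every `delay` seconds."""

    def __init__(self, delay, seed=None):
        self.delay = delay
        self.rng = random.Random(seed)
        self.handlers = set()  # live connection tasks, so the demo can stop them cleanly

    async def handle(self, reader, writer):
        self.handlers.add(asyncio.current_task())
        try:
            # Never send the version string, so the client never reaches key exchange.
            while True:
                writer.write(banner_line(self.rng))
                await writer.drain()
                await asyncio.sleep(self.delay)
        except OSError:
            pass  # client gave up (reset / broken pipe): the tarpit did its job
        finally:
            writer.close()
            self.handlers.discard(asyncio.current_task())


async def probe(host, port, lines_wanted, timeout):
    """Read up to `lines_wanted` raw lines from an SSH port, as `ssh -v` would show them."""
    reader, writer = await asyncio.open_connection(host, port)
    got = []
    try:
        for _ in range(lines_wanted):
            line = await asyncio.wait_for(reader.readline(), timeout)
            if not line:
                break
            got.append(line.decode("ascii", errors="replace"))
    finally:
        writer.close()
        await writer.wait_closed()
    return got


def looks_like_tarpit(lines):
    """True when every line seen is a pre-version line, i.e. no real sshd version string arrived."""
    return bool(lines) and all(not l.startswith("SSH-") and l.endswith("\r\n") for l in lines)


async def demo(delay, lines_wanted):
    pit = Tarpit(delay, seed=1)
    server = await asyncio.start_server(pit.handle, "127.0.0.1", 0)  # port 0: any free port
    port = server.sockets[0].getsockname()[1]
    try:
        start = time.monotonic()
        lines = await probe("127.0.0.1", port, lines_wanted, timeout=5.0)
        elapsed = time.monotonic() - start
    finally:
        for task in list(pit.handlers):
            task.cancel()
        server.close()
        await server.wait_closed()
    return lines, elapsed


def run_demo(delay=0.05, lines_wanted=3):
    """Start a tarpit, read a few lines from it, and return (lines, seconds taken)."""
    return asyncio.run(demo(delay, lines_wanted))


if __name__ == "__main__":
    lines, elapsed = run_demo()
    for line in lines:
        print(repr(line))
    print(f"tarpit={looks_like_tarpit(lines)} elapsed={elapsed:.2f}s")
```

Running it prints three junk lines and a pace of roughly 0.1 s for the three, which is the same shape of output the ssh -v check shows against a real Endlessh, only at 10-second spacing. The probe is also a handy sanity check the other way round: pointed at your real sshd on its unusual port, the first line should start with “SSH-2.0-” and looks_like_tarpit() should come back False.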

Screenshot showing SSH connection being established to an Endlessh server, which is returning line after line of randomly-generated text as a banner.

It doesn’t provide significant security, but you get to enjoy the self-satisfied feeling that you’re trolling dozens of opportunistic script kiddies a day.

Footnotes

1 It’s a good paper in general, if that’s your jam.

2 Obviously you gain very little security by moving to an unusual port number, given that you’re already running your servers in “keys-only” (PasswordAuthentication no) configuration mode already, right? Right!? But it’s nice to avoid all the unnecessary logging that wave after wave of brute-force attempts produce.

3 Which I can only assume is pronounced endle-S-S-H, but regardless of how it’s said out loud I appreciate the wordplay of its name.

4 To move your SSH port, you might run something like echo "Port 12345" | sudo tee /etc/ssh/sshd_config.d/unusual-port.conf and restart the service, of course.


Note #25448

Compared to the children, the dog is Not So Impressed by the deep snowfall we’ve just received. To be fair, it’s basically up to her armpits!

(leg-pits? I don’t know what the right word is for a canine!)

A French Bulldog up to the top of her legs in deep snow.


Note #25446

I’m staying in a lodge in the Yorkshire Dales National Park to celebrate the eldest kid’s birthday and we’ve just received a huge dump of snow, overnight. What was grass is now a thick white carpet of fresh powder. Sounds like a great birthday present for an excited kid I can just hear beginning to wake up…

Snow-covered meadow with a fence running through it, and snowy winter woods beyond.


Dan Q did not find GC8TK41 05 – Willow’s Wanders – Eshington Bridge

This checkin to GC8TK41 05 - Willow's Wanders - Eshington Bridge reflects a geocaching.com log entry. See more of Dan's cache logs.

An extended search over two visits today by the eldest child and I couldn’t reveal this one. Very frustrating, given that it’s clearly there somewhere (CO performed maintenance just yesterday!). We’re staying in a cabin a little way downstream, so we might find another opportunity to search again tomorrow, weather-permitting. 🤞

Dan Q found GC80592 Coffee, Cache and Dash

This checkin to GC80592 Coffee, Cache and Dash reflects a geocaching.com log entry. See more of Dan's cache logs.

QEF while stopped for a comfort break on a long journey North from Oxford. The dog wanted to go with the others into the services, but had to stay outdoors with me and hunt for the cache. Solid hint!

Dan, wearing a high-vis jacket, sits at a bench outside a motorway service station building. His dog, a small French Bulldog, pulls at her lead towards the entrance.
Silly dog, you’re not allowed inside!

My Ball

Our beloved-but-slightly-thick dog will sometimes consent to playing fetch, but one of her favourite games to play is My Ball. Which is a bit like fetch, except that she won’t let go of the ball.

It’s not quite the same as tug-of-war, though. She doesn’t want you to pull the toy in a back-and-forth before, most-likely, giving up and letting her win1. Nor is My Ball a solo game: she’s not interested in sitting and simply chewing the ball, like some dogs do.

A champagne-coloured French Bulldog on a black-and-white rug, indoors, stands while chewing a lime green tennis ball.
I’d like to imagine the grunts and snorts she makes at about this moment actually translate to “My ball. Myyyy… ballll. Myyyyy ball! MY BALL! My… BALL!”

No, this is absolutely a participatory game. She’ll sit and whine for your attention to get you to come to another room. Or she’ll bring the toy in question (it doesn’t have to be a ball) and place it gently on your foot to get your attention.

Your role in this game is to want the ball. So long as you’re showing that you want the ball – occasionally reaching down to take it only for her to snatch it away at the last second, verbally asking if you can have it, or just looking enviously in its general direction – you’re playing your part in the game. Your presence and participation is essential, even as your role is entirely ceremonial.

A champagne-coloured French Bulldog in a doorway, on a tiled floor, holds a braided rope; a human hand barely holds the other end.
This might look like a game of tug-of-war, but you’ll note that my grip is just barely two-fingered. She’s not pulling, because she doesn’t need to unless I try to take the toy. This is My Rope, she knows.

Playing it, I find myself reminded of playing with the kids when they were toddlers. The eldest in particular enjoyed spending countless hours playing make-believe games in which the roles were tightly-scripted2. She’d tell me that, say, I was a talking badger or a grumpy dragon or an injured patient but immediately shoot down any effort to role-play my assigned character, telling me that I was “doing it wrong” if I didn’t act in exactly the unspoken way that she imagined my character ought to behave.

But the important thing to her was that I embodied the motivation that she assigned me. That I wanted the rabbits to stop digging too near to my burrow3 or the princess to stay in her cage4 or to lie down in my hospital bed and await the doctor’s eventual arrival5. Sometimes I didn’t need to do much, so long as I showed how I felt in the role I’d been assigned.

A toddler with long blonde hair, wearing a pink cardigan, sits on a tall stool in front of a kitchen sink, holding a long-handled scrubbing brush.
In this game, the chef was “making soup” (in the sink, apparently) and my job was to “want the soup”.

Somebody with much more acting experience and/or a deeper academic comprehension of the performing arts is going to appear in the comments and tell me why this is, probably.

But I guess what I mean to say is that playing with my dog sometimes reminds me of playing with a toddler. Which, just sometimes, I miss.

Footnotes

1 Alternatively, tug-of-war can see the human “win” and then throw the toy, leading to a game of fetch after all.

2 These games were, admittedly, much more-fun than the time she had me re-enact my father’s death with her.

3 “Grr, those pesky rabbits are stopping me sleeping.”

4 “I’ll just contentedly sit on my pile of treasure, I guess?”

5 Playing at being an injured patient was perhaps one of my favourite roles, especially after a night in which the little tyke had woken me a dozen times and yet still had some kind of tiny-human morning-zoomies. On at least one such occasion I’m pretty sure I actually fell asleep while the “doctor” finished her rounds of all the soft toys whose triage apparently put them ahead of me in the pecking order. Similarly, I always loved it when the kids’ games included a “naptime” component.


Note #25428

Our family tradition on New Year’s Day is to go to the Rollright Stones. Legend has it that you can’t count the standing stones and get the same answer twice.

This year the younger child counted 37, the elder 67… so wide a difference that you can see how one might ascribe a mystical reason!

A stone circle in the rain. Some people (and a dog) are walking around it.
