Last Updated on August 11, 2021
Summary
There are many ways of improving the security of an SSH server.
Things like disabling password logins, changing the default port of SSH from 22, or using Python scripts like Fail2ban or DenyHosts offer far greater protection than Endlessh.
But Endlessh is another way of tightening security. It doesn’t really improve the security of an SSH server exposed to the internet; it only offers security through obscurity. But it definitely helps to lighten logs of failed SSH connections. We certainly wouldn’t want it as a main defence mechanism. Think of it as offering an additional layer of protection from very unsophisticated attacks.
Website: github.com/skeeto/endlessh
Support:
Developer: Christopher Wellons
License: The Unlicense – free and unencumbered software released into the public domain
Endlessh is written in C.
What is the point?
If you’re trying to secure your SSH server by running against an unusual port, you’re doing it wrong. Security through obscurity is not a solution.
If you are trying to waste someone’s time, I have to ask why you care how someone else uses their time.
I ask why do you care what the developer of Endlessh spends his time doing? It’s up to him what he wants to write.
Really your comment just comes across as rather snide.
I also think this approach does not make any sense, please let me explain why:
If you run a publicly accessible SSH service on port 22, you will probably notice several thousand login attempts per day (at least in my experience). Now imagine what happens with this endlessh… you would likely end up with endless 😉 open TCP connections wasting your resources instead of script kiddies’ time because, as the name already suggests, they run their discovery in an automated and parallel way.
So a valuable posting could be something about firewall settings like dropping packets so incoming connections don’t even get one packet back, which in turn is the least resource-consuming as well as secure.
You are probably a troll but here goes:
1) I wasn’t defending the developer’s approach. I was defending his right to code what he wants.
2) You won’t end up with endless open tcp connections, the idea of the program is that port 22 isn’t running a server although it appears to the script-kiddie it is.
3) The reviewer explains that there are far more effective ways of securing a system, so I don’t understand your point. And there are tons of posts/books on how to configure a firewall already available.
4) Who are you? Let’s see some of your open source projects. I’ll be happy to evaluate them. Or it’s possible you’ve contributed nothing to the open source community.
While the intent is good, the truth is that most attacking scripts will just kill their side of the connection after a few seconds, at worst, simply starting over again. This is not a conjecture, but exactly what I see in my logs when I use endlessh.
Endlessh is almost useless as a practical tool. But that equally applies to your ‘analysis’. Conjecture is an opinion or conclusion formed on the basis of incomplete information. Testing by one individual with no proof or evidence provided definitely falls into the definition of incomplete information. Hence it’s conjecture. I have seen attacking scripts not give up. Again that’s testing by one individual.
That’s right, it’s an anecdote at best.
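The comments above disagree about how long scanners stay connected to Endlessh and how many connections it ends up holding open. As an added example (not part of the original article or its comments, and not Endlessh's own code), this Python script measures both from a log. The sample lines are constructed, and the ACCEPT/CLOSE line format is an assumption to check against your own Endlessh output.

```python
import re
from statistics import median

# Constructed sample; the line shape is an assumption based on endlessh's
# verbose (-v) ACCEPT/CLOSE log lines, so check it against your own logs.
SAMPLE_LOG = """\
2021-08-11T10:00:00.000Z ACCEPT host=::ffff:192.0.2.10 port=40001 fd=4 n=1/4096
2021-08-11T10:00:05.012Z CLOSE host=::ffff:192.0.2.10 port=40001 fd=4 time=5.012 bytes=12
2021-08-11T10:00:06.000Z ACCEPT host=::ffff:192.0.2.10 port=40002 fd=4 n=1/4096
2021-08-11T10:00:10.870Z CLOSE host=::ffff:192.0.2.10 port=40002 fd=4 time=4.870 bytes=9
2021-08-11T10:01:00.000Z ACCEPT host=::ffff:198.51.100.7 port=51000 fd=5 n=1/4096
2021-08-11T10:01:20.015Z CLOSE host=::ffff:198.51.100.7 port=51000 fd=5 time=20.015 bytes=24
2021-08-11T10:02:00.000Z ACCEPT host=::ffff:203.0.113.5 port=33000 fd=4 n=1/4096
2021-08-11T11:02:00.250Z CLOSE host=::ffff:203.0.113.5 port=33000 fd=4 time=3600.250 bytes=4100
2021-08-11T11:05:00.000Z ACCEPT host=::ffff:203.0.113.99 port=33001 fd=4 n=1/4096
"""

LINE_RE = re.compile(
    r"^\S+ (ACCEPT|CLOSE) host=(\S+) port=\d+ fd=\d+(?: time=([\d.]+) bytes=\d+)?")

def summarize(log_text, quick_cutoff=10.0):
    """Measure how long tarpitted clients stayed before disconnecting."""
    accepts, held, per_host = 0, [], {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip unrelated or malformed lines
        if m.group(1) == "ACCEPT":
            accepts += 1
        elif m.group(3) is not None:
            held.append(float(m.group(3)))
            per_host[m.group(2)] = per_host.get(m.group(2), 0) + 1
    if not held:
        return None  # no completed connections to measure
    return {
        "closed": len(held),
        "still_open": accepts - len(held),  # clients currently being held
        "median_s": median(held),
        "max_s": max(held),
        # share of clients that gave up within quick_cutoff seconds
        "quick_fraction": sum(t <= quick_cutoff for t in held) / len(held),
        "reconnecting_hosts": sorted(h for h, n in per_host.items() if n > 1),
    }

if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run over a real log, `quick_fraction` and `median_s` show whether most clients drop within seconds, and `still_open` shows how many sockets the tarpit holds at the end of the window.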