Endlessh

Endlessh – SSH tarpit

Last Updated on August 11, 2021

Summary

There are many ways of improving the security of an SSH server.

Measures such as disabling password logins, changing the default port of SSH from 22, or using Python scripts like Fail2ban or DenyHosts offer far greater protection than Endlessh.

But Endlessh is another way of tightening security. It doesn’t really improve the security of an SSH server exposed to the internet; it only offers security through obscurity. But it definitely helps to lighten logs of failed SSH connections. We certainly wouldn’t want it as a main defence mechanism. Think of it as offering an additional layer of protection from very unsophisticated attacks.

Website: github.com/skeeto/endlessh
Support:
Developer: Christopher Wellons
License: The Unlicense – free and unencumbered software released into the public domain

Endlessh is written in C. Learn C with our recommended free books and free tutorials.

7 Comments
Smouch
3 years ago

What is the point?

If you’re trying to secure your SSH server by running against an unusual port, you’re doing it wrong. Security through obscurity is not a solution.

If you are trying to waste someone’s time, I have to ask why you care how someone else uses their time.

Alanmeister
3 years ago
Reply to  Smouch

I ask why do you care what the developer of Endlessh spends his time doing? It’s up to him what he wants to write.

Really your comment just comes across as rather snide.

xyz
3 years ago
Reply to  Alanmeister

I also think this approach does not make any sense; please let me explain why:
If you run a publicly accessible SSH service on port 22, you will probably notice several thousand login attempts per day (at least in my experience). Now imagine what happens with this endlessh… you would likely end up with endless 😉 open TCP connections wasting your resources instead of script kiddies’ time because, as the name already suggests, they run their discovery in an automated and parallel way.

So a valuable posting could be something about firewall settings like dropping packets so incoming connections don’t even get one packet back, which in turn is the least resource-consuming as well as secure.

Alanmeister
3 years ago
Reply to  xyz

You are probably a troll but here goes:

1) I wasn’t defending the developer’s approach. I was defending his right to code what he wants.
2) You won’t end up with endless open TCP connections; the idea of the program is that port 22 isn’t running a server although it appears to the script-kiddie it is.
3) The reviewer explains that there are far more effective ways of securing a system, so I don’t understand your point. And there are tons of posts/books on how to configure a firewall already available.
4) Who are you? Let’s see some of your open source projects. I’ll be happy to evaluate them. Or it’s possible you’ve contributed nothing to the open source community.

Jay Sanders
3 years ago

While the intent is good, the truth is that most attacking scripts will just kill their side of the connection after a few seconds, at worst, simply starting over again. This is not a conjecture, but exactly what I see in my logs when I use endlessh.

Vimster
3 years ago
Reply to  Jay Sanders

Endlessh is almost useless as a practical tool. But that equally applies to your ‘analysis’. Conjecture is an opinion or conclusion formed on the basis of incomplete information. Testing by one individual with no proof or evidence provided definitely falls into the definition of incomplete information. Hence it’s conjecture. I have seen attacking scripts not give up. Again that’s testing by one individual.

Grahame
3 years ago
Reply to  Vimster

That’s right, it’s an anecdote at best.