Interested in having some fun with Kippo (an SSH honeypot) on your Digital Ocean server? Here’s a super fast getting started guide based on this doc:
- Do an `apt-get update && apt-get upgrade`
- Open `/etc/ssh/sshd_config`
- Change the port to be some odd port you want to use for legit SSH management, like 9999 or 1357.
- Restart ssh with `reload ssh`
- Install Kippo dependencies with `apt-get install python-dev openssl python-openssl python-pyasn1 python-twisted`
- Get subversion to install kippo with `apt-get install subversion`
- Create kippo user with `useradd -d /home/kippo -s /bin/bash -m kippo -g sudo`
- Install authbind with `apt-get install authbind`
- Create a file called `/etc/authbind/byport/22`
- Set ownership on it with `chown kippo /etc/authbind/byport/22`
- Change permissions on it with `chmod 777 /etc/authbind/byport/22`
- Change to the kippo user with `su kippo`
- Hit `cd` to go to kippo home dir.
- Download kippo SVN with `svn checkout http://kippo.googlecode.com/svn/trunk/ ./kippo`
- cd to kippo dir with `cd kippo`
- Move and rename default config file with `mv kippo.cfg.dist kippo.cfg` and then open it
- Change the ssh_port from 2222 to 22
- Start the kippo service with `./start.sh`
- Start tailing the /home/kippo/kippo/log/kippo.log file to see authentication attempts!
More to come. From here I want to get the mysql part set up so I can more easily query the auth attempts being made. I’m also interested in setting up a legit kippo user so I can see what terminal commands a bad guy might use upon "hacking" into my network.
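Until the database is in place, the log being tailed in the last step can be summarised directly. The script below is an added example, not part of Kippo or of the original guide; it assumes login lines follow the layout `[SSHService ssh-userauth on HoneyPotTransport,<session>,<ip>] login attempt [<user>/<password>] failed|succeeded`, and the sample lines are constructed.

```python
import re
import sys
from collections import Counter

# Assumed Kippo line layout: Twisted log prefix, then the "login attempt" message.
LOGIN_RE = re.compile(
    r"^(?P<ts>\S+ \S+) \[SSHService ssh-userauth on "
    r"HoneyPotTransport,(?P<session>\d+),(?P<ip>[0-9A-Fa-f.:]+)\] "
    r"login attempt \[(?P<cred>.*)\] (?P<result>failed|succeeded)$"
)

# Constructed sample lines; the addresses come from documentation ranges.
SAMPLE_LOG = """\
2013-06-01 04:12:09+0000 [kippo.core.honeypot.HoneyPotSSHFactory] New connection: 203.0.113.7:51234 (10.0.0.5:22) [session: 0]
2013-06-01 04:12:11+0000 [SSHService ssh-userauth on HoneyPotTransport,0,203.0.113.7] login attempt [root/123456] failed
2013-06-01 04:12:13+0000 [SSHService ssh-userauth on HoneyPotTransport,0,203.0.113.7] login attempt [root/password] failed
2013-06-01 04:12:15+0000 [SSHService ssh-userauth on HoneyPotTransport,0,203.0.113.7] login attempt [admin/admin] failed
2013-06-01 05:40:02+0000 [SSHService ssh-userauth on HoneyPotTransport,1,198.51.100.23] login attempt [root/123456] succeeded
2013-06-01 05:41:17+0000 [SSHService ssh-userauth on HoneyPotTransport,2,198.51.100.23] login attempt [oracle/pa/ss]1] failed
"""

def parse_attempts(lines):
    """Yield one dict per login attempt; every other log line is skipped."""
    for line in lines:
        m = LOGIN_RE.match(line.rstrip("\n"))
        if not m:
            continue
        # Split on the first "/" only: passwords may contain "/" or "]".
        user, _, password = m.group("cred").partition("/")
        yield {"ts": m.group("ts"), "ip": m.group("ip"), "user": user,
               "password": password, "ok": m.group("result") == "succeeded"}

def summarize(lines, top=3):
    """Count attempts per source IP, username and password; list successes."""
    attempts = list(parse_attempts(lines))
    return {
        "total": len(attempts),
        "by_ip": Counter(a["ip"] for a in attempts).most_common(top),
        "by_user": Counter(a["user"] for a in attempts).most_common(top),
        "by_password": Counter(a["password"] for a in attempts).most_common(top),
        "succeeded": [(a["ip"], a["user"], a["password"])
                      for a in attempts if a["ok"]],
    }

if __name__ == "__main__":
    # Pass the kippo.log path as the argument; with none, the sample is used.
    src = (open(sys.argv[1], errors="replace") if len(sys.argv) > 1
           else SAMPLE_LOG.splitlines())
    for key, value in summarize(src).items():
        # Lists print via repr(), so control bytes in credentials stay escaped.
        print(key, value)
```

Usernames and passwords in this log are chosen by whoever is connecting, so treat them as untrusted input in anything that consumes the summary.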
