tnich/honssh

Can't Connect to Honssh but it still logs

Opened this issue · 8 comments

So I am working on a project for a college course that requires the use of the dockpot honeypot (I need to connect to it and I don't care if anyone else can or not), which is essentially just honssh. After having spent 8 hours trying to get honssh fully working, I am at a loss. I have gotten to the point where I can start up my ssh_server on docker and then start dockpot (it says it has started up properly and I start up the container it creates), and upon connecting directly to my ssh_server on docker, honssh logs the connection, but I am unable to actually connect to honssh. Any IP address and port I assign honssh to either has no connection or has a password I am unable to guess.

So I was wondering if anyone had a suggestion on setting up the honssh.cfg file properly so I can connect to honssh.

Hi,

Please attach the log file and config file so we can have a look at it.

Sure @bang-uin

honssh.log

For the ssh addr and the client addr I have tried many addresses but none have worked so far.

cfgfile.txt

Your config file does not look complete.
What honssh version are you using?
[honeypot-static] and [honeypot-docker] sections are missing.
Probably even more.
Please use the latest version.

And please read our Wiki articles.

@bang-uin
As I stated in my initial post, I am using the dockpot honeypot, but it is heavily based upon honssh, so I was here to mostly ask about the IP configuration, as honssh says it's running but I can’t ssh to it.

I see, sorry, didn't see it :D
But I highly recommend first trying the release 1.1.0 from our repo before investing more time in 3-year-old code.
The dockpot project seems pretty much dead.

@bang-uin I totally agree with you but unfortunately my college professor (who knows nothing about dockpot) has chosen dockpot as a high interaction honeypot that we must look into. As I said, any assistance or advice on setting up the honssh.cfg is greatly appreciated.

tnich commented

As @bang-uin said, we can't really comment on Dockpot setups but I'll explain a bit more about HonSSH that might help.

A traditional HonSSH setup would be set up like this - https://github.com/tnich/honssh/wiki/Deployment-Guide
ssh_addr is the address you want to bind your HonSSH server to. This is the address that attackers will SSH into. `ssh ssh_addr` will connect to HonSSH. This should be an IP that exists on your HonSSH server or 0.0.0.0 to bind to every interface.

client_addr is the address that HonSSH will send outgoing connections from, destined to the honeypot.
Again, use 0.0.0.0 to use any interface.

honey_addr is the address of the honeypot that you want HonSSH to send the SSH packets to. Usually this is on the same subnet as the client_addr (unless 0.0.0.0 is used).

We can do docker directly in the new HonSSH, no need for dockpot anymore.
https://github.com/tnich/honssh/wiki/Setup-using-Docker

I hope this helps 😄 Let us know if you need anything else!
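
The address rules described in the comment above, turned into a pre-flight check (an added example, not part of the thread and not HonSSH or Dockpot code). The `[honeypot]` section name, the /24 prefix, the sample addresses and the helper names `can_bind` and `check_addrs` are assumptions; only the three `*_addr` keys come from the thread.

```python
import configparser
import ipaddress
import socket

# Constructed sample config. The [honeypot] section name and the /24 prefix are
# assumptions for this example; only the three *_addr keys come from the thread.
SAMPLE_CFG = """
[honeypot]
ssh_addr = 192.168.1.10
client_addr = 10.0.0.5
honey_addr = 172.17.0.2
"""

def can_bind(addr):
    """True if this host can bind a TCP socket to addr (the IP exists here)."""
    try:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.bind((addr, 0))  # port 0: any free port, only the address is tested
        return True
    except OSError:
        return False

def check_addrs(cfg_text, is_local=can_bind, prefix=24, section="honeypot"):
    """Return a list of problems with ssh_addr, client_addr and honey_addr."""
    cfg = configparser.ConfigParser()
    cfg.read_string(cfg_text)
    problems, addrs = [], {}
    for key in ("ssh_addr", "client_addr", "honey_addr"):
        value = cfg.get(section, key, fallback="").strip()
        try:
            addrs[key] = ipaddress.IPv4Address(value)
        except ValueError:
            problems.append(f"{key}: missing or not an IPv4 address ({value!r})")
    # ssh_addr and client_addr must exist on the HonSSH host, or be 0.0.0.0.
    for key in ("ssh_addr", "client_addr"):
        ip = addrs.get(key)
        if ip is not None and not ip.is_unspecified and not is_local(str(ip)):
            problems.append(f"{key}: {ip} is not an address on this host")
    honey, client = addrs.get("honey_addr"), addrs.get("client_addr")
    if honey is not None and honey.is_unspecified:
        problems.append("honey_addr: must be the honeypot's address, not 0.0.0.0")
    elif honey is not None and client is not None and not client.is_unspecified:
        net = ipaddress.ip_network(f"{client}/{prefix}", strict=False)
        if honey not in net:
            problems.append(f"honey_addr: {honey} is outside {net} (client_addr subnet)")
    return problems

if __name__ == "__main__":
    print(check_addrs(SAMPLE_CFG) or "no problems found")
```

The subnet finding is advisory, since the comment says "usually"; a routed path between client_addr and honey_addr also works.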