tnich/honssh

Docker client packet reply not working

bang-uin opened this issue · 10 comments

Hi,

First things first:
Thanks for that great project!

My problem:
I configured honssh to utilize docker (honssh.cfg -> http://pastebin.com/LD3k3mVT). The docker container is starting up as soon as a client connects but it hangs at "[-] [PRE_AUTH] - CLIENT CONNECTED, REPLAYING BUFFERED PACKETS" for 3 minutes and aborts with "[HonsshClientTransport,client] connection lost" (logfile -> http://pastebin.com/2NndUQ5c).

While the container is running I can connect through ssh and telnet from a second shell (same user) without any problems.

The ssh banner in the configuration is correct.

Any suggestion?

Thanks

Try setting 0.0.0.0 as the client_addr and then, if that doesn't work, try disabling ADVANCED NETWORKING.
Are you able to ssh to the docker container?

I'll try your configuration on my VPS today to see if I'm getting that same issue.

I found the issue: change the argument launch_cmd (in HONEYPOT DOCKER) to a stupid command like: echo test.
As sshd is already running on the container, running the command service ssh restart kills the session.

Yes, I can connect to the docker container using ssh and telnet.

No combination of client_addr and advNet worked for me.

Always stuck with [PRE_AUTH] - CLIENT CONNECTED, REPLAYING BUFFERED PACKETS

hmmm

@bang-uin Did you try the tips that I provided earlier: #86 (comment)?

tnich commented

Hey,

Can you also enable [packet_logging] and [output-packets], do a test connection then share the honssh.log and .log-adv (from the sessions folder)?

Or email them to me (from the email in the code) if you do not want to share here.

@unixfox
Maybe I wasn't clear in my answer, sorry. Yes, I tried it and also all combinations.
Meaning:

client_addr = 0.0.0.0 advNet enabled
client_addr = 0.0.0.0 advNet disabled
client_addr = 192.168.200.200 advNet enabled
client_addr = 192.168.200.200 advNet disabled

Same result.

Changing the launch command didn't help either. Again, same result.

@tnich
I activated the options you told me to, but I'm sorry to say that the sessions folder is empty.
That's my current config: http://pastebin.com/xbpZ4akj

tnich commented

Thanks for the update.

Have you tried getting it to work with a static docker instance using the [honeypot-static] section?

A million thanks to @tnich!!
In the end it was a timeout problem. The docker image needs longer (> 10s) to start up and that caused the connection aborts.

I think we both could get something out of that session.
Thanks a lot!

My working config is here (http://pastebin.com/EmzeMBn3), in case someone needs it.

Until there is a config option to set the timeouts, one can change it in honssh/pre_auth_handler.py at line 64, or search for timeout.

@bang-uin Strange, it may be due to your hardware because my docker container is available in under 10 seconds.

@unixfox Well, for security reasons honssh and the docker containers are running in a KVM VM. This could explain the extra time needed. In my opinion it is worth it ;)
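
The diagnosis reached in this thread (a container whose sshd needs longer than a fixed wait to come up) can be measured with a readiness probe that polls the backend until it sends its SSH identification string. This is an added example, not part of the thread and not honssh code; `wait_for_ssh_banner` and `start_delayed_sshd` are hypothetical names, and the slow "container" is a constructed local stand-in.

```python
import socket
import threading
import time

def wait_for_ssh_banner(host, port, timeout=30.0, interval=0.5):
    """Poll host:port until sshd sends its identification string.
    Returns the banner as str, or None if `timeout` seconds pass first."""
    deadline = time.monotonic() + timeout
    while (remaining := deadline - time.monotonic()) > 0:
        try:
            step = min(remaining, 2.0)
            with socket.create_connection((host, port), timeout=step) as s, \
                    s.makefile("rb") as f:
                for _ in range(20):  # RFC 4253 permits text lines before the banner
                    line = f.readline(256)
                    if not line:
                        break  # peer closed without identifying itself
                    if line.startswith(b"SSH-"):
                        return line.strip().decode("ascii", "replace")
        except OSError:
            pass  # refused, reset or timed out: the container is still booting
        time.sleep(max(0.0, min(interval, deadline - time.monotonic())))
    return None

def start_delayed_sshd(delay, banner=b"SSH-2.0-OpenSSH_constructed\r\n"):
    """Constructed stand-in for a slow container: port refuses for `delay` s."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))  # bound but not listening => connection refused
    def run():
        time.sleep(delay)
        srv.listen(5)
        srv.settimeout(10)
        try:
            while True:
                conn, _ = srv.accept()
                conn.sendall(banner)
                conn.close()
        except OSError:
            srv.close()
    threading.Thread(target=run, daemon=True).start()
    return srv.getsockname()[1]

if __name__ == "__main__":
    port = start_delayed_sshd(3.0)
    print("2 s budget :", wait_for_ssh_banner("127.0.0.1", port, timeout=2.0))
    print("30 s budget:", wait_for_ssh_banner("127.0.0.1", port, timeout=30.0))
```

Pointed at a real container's SSH port right after launch, the elapsed time until the banner arrives shows how large the startup timeout has to be on that host.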