endlessh - Man Page
An SSH tarpit
endless is an SSH tarpit that very slowly sends an endless, random SSH banner.
endless keeps SSH clients locked up for hours or even days at a time. The purpose is to put your real SSH server on another port and then let the script kiddies get stuck in this tarpit instead of bothering a real server.
Since the tarpit is in the banner before any cryptographic exchange occurs, this program doesn't depend on any cryptographic libraries. It's a simple, single-threaded, standalone C program. It uses poll() to trap multiple clients at a time.
The options are as follows:
Forces endless to use IPv4 addresses only.
Forces endless to use IPv6 addresses only.
- -d delay
Message milliseconds delay. Default: 10000
- -f config
Set and load config file. By default endless looks for /etc/endlessh/config.
Print the help message and exit.
- -l max banner length
Maximum banner line length (3-255). Default: 32
- -m max clients
Maximum number of clients. Default: 4096
- -p port
Set the listening port. By default endless listens on port 2222.
Print diagnostics to syslog. By default endless prints them to standard output.
Print diagnostics. Can be specified up to twice to increase verbosity.
Causes endless to print version information and exit.
If endless receives the SIGTERM signal it will gracefully shut down the daemon, allowing it to write a complete, consistent log.
A SIGHUP signal requests a reload of its configuration file.
A SIGUSR1 signal will print connections stats to the log.
The default endless configuration file.