Your company here — click to reach over 10,000 unique daily visitors

endlessh - Man Page

An SSH tarpit


endless[-46chsvV] [-d delay] [-f config] [-l max banner length] [-m max clients] [-p port]


endless is an SSH tarpit that very slowly sends an endless, random SSH banner.

endless keeps SSH clients locked up for hours or even days at a time. The purpose is to put your real SSH server on another port and then let the script kiddies get stuck in this tarpit instead of bothering a real server.

Since the tarpit is in the banner before any cryptographic exchange occurs, this program doesn't depend on any cryptographic libraries. It's a simple, single-threaded, standalone C program. It uses poll() to trap multiple clients at a time.

The options are as follows:


Forces endless to use IPv4 addresses only.


Forces endless to use IPv6 addresses only.

-d delay

Message milliseconds delay. Default: 10000

-f config

Set and load config file. By default endless looks for /etc/endlessh/config.


Print the help message and exit.

-l max banner length

Maximum banner line length (3-255). Default: 32

-m max clients

Maximum number of clients. Default: 4096

-p port

Set the listening port. By default endless listens on port 2222.


Print diagnostics to syslog. By default endless prints them to standard output.


Print diagnostics. Can be specified up to twice to increase verbosity.


Causes endless to print version information and exit.

If endless receives the SIGTERM signal it will gracefully shut down the daemon, allowing it to write a complete, consistent log.

A SIGHUP signal requests a reload of its configuration file.

A SIGUSR1 signal will print connections stats to the log.



The default endless configuration file.


January 29, 2020