A simple SSH tarpit, similar to endlessh.
As per RFC 4253:
```txt
The server MAY send other lines of data before sending the version
string. Each line SHOULD be terminated by a Carriage Return and Line
Feed. Such lines MUST NOT begin with "SSH-", and SHOULD be encoded
in ISO-10646 UTF-8 [RFC3629] (language is not specified). Clients
MUST be able to process such lines.
```
In other words, you can fool SSH clients into waiting an extremely long time for an SSH handshake to even begin simply by waffling on endlessly. My high score is just over a fortnight.
The intent of this is to increase the cost of mass SSH scanning - even clients that immediately disconnect after the first response are delayed a little, and that's one less free connection for the next attack.
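The mechanism described above, as an added example using only the Rust standard library (this is not tarssh's own code): it drips CRLF-terminated filler lines that never begin with "SSH-" and never sends the version string. The function names, the xorshift filler text, the thread-per-connection model and the `127.0.0.1:2222` listen address are assumptions of this example.

```rust
use std::io::{self, Write};
use std::net::TcpListener;
use std::thread;
use std::time::Duration;

/// True if `line` may precede the version string per the RFC 4253 text
/// quoted above: CRLF-terminated and not starting with "SSH-".
fn valid_filler(line: &[u8]) -> bool {
    line.ends_with(b"\r\n") && !line.starts_with(b"SSH-")
}

/// Next filler line from a xorshift32 state (short hex text, an arbitrary choice).
fn next_line(state: &mut u32) -> Vec<u8> {
    *state ^= *state << 13;
    *state ^= *state >> 17;
    *state ^= *state << 5;
    format!("{:x}\r\n", *state).into_bytes()
}

/// Send one filler line per `delay` until the peer goes away or `limit` lines
/// have been sent. Returns how many lines the peer accepted.
fn drip<W: Write>(out: &mut W, delay: Duration, limit: Option<u64>) -> u64 {
    let mut state = 0x9e37_79b9u32;
    let mut sent = 0u64;
    while limit.map_or(true, |n| sent < n) {
        let line = next_line(&mut state);
        debug_assert!(valid_filler(&line));
        if out.write_all(&line).and_then(|_| out.flush()).is_err() {
            break; // e.g. "Broken pipe": the client gave up
        }
        sent += 1;
        thread::sleep(delay);
    }
    sent
}

fn main() -> io::Result<()> {
    // Constructed address; 10s matches the delay in the log excerpt on this page.
    let listener = TcpListener::bind("127.0.0.1:2222")?;
    for conn in listener.incoming() {
        let mut stream = conn?;
        let peer = stream.peer_addr()?;
        thread::spawn(move || {
            let lines = drip(&mut stream, Duration::from_secs(10), None);
            eprintln!("disconnect, peer: {peer}, lines: {lines}");
        });
    }
    Ok(())
}
```

Unlike tarssh, this example has no connection limit, privilege drop or sandbox, and each connection costs a thread.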
```console
-% cargo install tarssh
-% tarssh --help
tarssh 0.5.0
A SSH tarpit server

USAGE:
    tarssh [FLAGS] [OPTIONS]

FLAGS:
        --disable-log-ident         Disable module name in logs (e.g. "tarssh")
        --disable-log-level         Disable log level in logs (e.g. "info")
        --disable-log-timestamps    Disable timestamps in logs
    -h, --help                      Prints help information
    -V, --version                   Prints version information
    -v, --verbose                   Verbose level (repeat for more verbosity)

OPTIONS:
        --chroot

-% tarssh -v --disable-log-timestamps -l 0.0.0.0:2222 [::]:2222
[INFO tarssh] init, version: 0.5.0, scheduler: basic
[INFO tarssh] listen, addr: 0.0.0.0:2222
[INFO tarssh] privdrop, enabled: false
[INFO tarssh] sandbox, enabled: true
[INFO tarssh] start, servers: 2, max_clients: 4096, delay: 10s, timeout: 30s
[INFO tarssh] connect, peer: 127.0.0.1:39410, clients: 1
[INFO tarssh] connect, peer: 127.0.0.1:39424, clients: 2
[INFO tarssh] disconnect, peer: 127.0.0.1:39410, duration: 20.02s, error: "Broken pipe (os error 32)", clients: 1
[INFO tarssh] disconnect, peer: 127.0.0.1:39424, duration: 20.06s, error: "Broken pipe (os error 32)", clients: 0
^C[INFO tarssh] interrupt
[INFO tarssh] shutdown, uptime: 71.50s, clients: 0
```