Update README.md

Added more info about the `details` and `interactive` fields to logging section.

README.md

@@ -93,8 +93,8 @@ Things to note:
     * `Session summary`
     * `SSH connection closed`
 * Several of these message types also feature a `details` field with additional information
-    * `User input` messages contain a base64-encoded copy of the entire user input
+    * `User input` messages contain a base64-encoded copy of the entire user input in the `details` field, as well as an `interactive` field (true/false) that tells you whether this was an interactive or non-interactive command (i.e., whether they logged in with a terminal session or provided a command on the SSH command-line).
-    * `LLM response` messages contain a base64-encoded copy of the entire simulated response
+    * `LLM response` messages contain a base64-encoded copy of the entire simulated response in the `details` field.
     * `Session summary` messages contain not only a summary of the commands, but also a guess as to what they might have been intended to accomplish. There will also be a `judgement` field that contains one of "BENIGN", "SUSPICIOUS", or "MALICIOUS"
 * Since this is a honeypot and not intended for use by real users, IT WILL LOG USERNAMES AND PASSWORDS! These are found in the `Authentication success` messages, in the `username` and `password` fields.
 

SSH/config.ini.TEMPLATE

@@ -51,10 +51,11 @@ system_prompt = Interpret all inputs as though they were SSH commands and provid
     responses do not indicate that the user is on a virtual machine, container, 
     or emulation at all. 
 
-    On the first call, be sure to include a realistic MOTD.
+    If {interactive} is True, make sure to include a realistic MOTD on the
+    first call, and to end all responses with a realistic shell prompt to display to 
+    the user, including a space at the end. 
 
-    End all responses with a realistic shell prompt to display to the user, 
+    If {interactive} is False, do not include a shell prompt or MOTD.
-    including a space at the end.
 
     Include ANSI color codes for the terminal with the output of ls commands 
     (including any flags), or in any other situation where it is appropriate, but 
@@ -74,9 +75,12 @@ system_prompt = Interpret all inputs as though they were SSH commands and provid
 # The valid user accounts and passwords for the SSH server, in the
 # form "username = password".  Note that you can enable login without 
 # a password by leaving that field blank (e.g., "guest =" on a line by
-# itself)
+# itself). You can set an account to accept ANY password, including an empty
+# password, by setting the password to "*"
 [user_accounts]
 guest = 
 user1 = secretpw
 user2 = password123
+root = *
+
 

SSH/ssh_server.py

@@ -23,6 +23,7 @@ from langchain_core.chat_history import BaseChatMessageHistory, InMemoryChatMess
 from langchain_core.runnables.history import RunnableWithMessageHistory
 from langchain_core.prompts import ChatPromptTemplate, MessagesPlaceholder
 from langchain_core.runnables import RunnablePassthrough
+from asyncssh.misc import ConnectionLost
 
 class JSONFormatter(logging.Formatter):
     def format(self, record):
@@ -36,6 +37,8 @@ class JSONFormatter(logging.Formatter):
             "dst_port": record.dst_port,
             "message": record.getMessage()
         }
+        if hasattr(record, 'interactive'):
+            log_record["interactive"] = record.interactive
         # Include any additional fields from the extra dictionary
         for key, value in record.__dict__.items():
             if key not in log_record and key != 'args' and key != 'msg':
@@ -74,7 +77,8 @@ class MySSHServer(asyncssh.SSHServer):
     def connection_lost(self, exc: Optional[Exception]) -> None:
         if exc:
             logger.error('SSH connection error', extra={"error": str(exc)})
-            traceback.print_exception(exc)
+            if not isinstance(exc, ConnectionLost):
+                traceback.print_exception(exc)
         else:
             logger.info("SSH connection closed")
         # Ensure session summary is called on connection loss if attributes are set
@@ -101,7 +105,7 @@ class MySSHServer(asyncssh.SSHServer):
     def validate_password(self, username: str, password: str) -> bool:
         pw = accounts.get(username, '*')
         
-        if ((pw != '*') and (password == pw)):
+        if pw == '*' or (pw != '*' and password == pw):
             logger.info("Authentication success", extra={"username": username, "password": password})
             return True
         else:
@@ -148,7 +152,8 @@ representative examples.
     llm_response = await session.ainvoke(
         {
             "messages": [HumanMessage(content=prompt)],
-            "username": process.get_extra_info('username')
+            "username": process.get_extra_info('username'),
+            "interactive": True  # Ensure interactive flag is passed
         },
             config=llm_config
     )
@@ -176,42 +181,57 @@ async def handle_client(process: asyncssh.SSHServerProcess, server: MySSHServer)
 
     llm_config = {"configurable": {"session_id": task_uuid}}
 
-    llm_response = await with_message_history.ainvoke(
-        {
-            "messages": [HumanMessage(content="ignore this message")],
-            "username": process.get_extra_info('username')
-        },
-            config=llm_config
-    )
-
-    process.stdout.write(f"{llm_response.content}")
-    logger.info("LLM response", extra={"details": b64encode(llm_response.content.encode('utf-8')).decode('utf-8')})
-
-    # Store process, llm_config, and session in the MySSHServer instance
-    server._process = process
-    server._llm_config = llm_config
-    server._session = with_message_history
-
     try:
-        async for line in process.stdin:
+        if process.command:
-            line = line.rstrip('\n')
+            # Handle non-interactive command execution
-            logger.info("User input", extra={"details": b64encode(line.encode('utf-8')).decode('utf-8')})
+            command = process.command
-
+            logger.info("User input", extra={"details": b64encode(command.encode('utf-8')).decode('utf-8'), "interactive": False})
-            # Send the command to the LLM and give the response to the user
             llm_response = await with_message_history.ainvoke(
                 {
-                    "messages": [HumanMessage(content=line)],
+                    "messages": [HumanMessage(content=command)],
-                    "username": process.get_extra_info('username')
+                    "username": process.get_extra_info('username'),
+                    "interactive": False
                 },
                     config=llm_config
             )
-            if llm_response.content == "XXX-END-OF-SESSION-XXX":
+            process.stdout.write(f"{llm_response.content}")
-                await session_summary(process, llm_config, with_message_history, server)
+            logger.info("LLM response", extra={"details": b64encode(llm_response.content.encode('utf-8')).decode('utf-8'), "interactive": False})
-                process.exit(0)
+            await session_summary(process, llm_config, with_message_history, server)
-                return
+            process.exit(0)
-            else:
+        else:
-                process.stdout.write(f"{llm_response.content}")
+            # Handle interactive session
-                logger.info("LLM response", extra={"details": b64encode(llm_response.content.encode('utf-8')).decode('utf-8')})
+            llm_response = await with_message_history.ainvoke(
+                {
+                    "messages": [HumanMessage(content="ignore this message")],
+                    "username": process.get_extra_info('username'),
+                    "interactive": True
+                },
+                    config=llm_config
+            )
+
+            process.stdout.write(f"{llm_response.content}")
+            logger.info("LLM response", extra={"details": b64encode(llm_response.content.encode('utf-8')).decode('utf-8'), "interactive": True})
+
+            async for line in process.stdin:
+                line = line.rstrip('\n')
+                logger.info("User input", extra={"details": b64encode(line.encode('utf-8')).decode('utf-8'), "interactive": True})
+
+                # Send the command to the LLM and give the response to the user
+                llm_response = await with_message_history.ainvoke(
+                    {
+                        "messages": [HumanMessage(content=line)],
+                        "username": process.get_extra_info('username'),
+                        "interactive": True
+                    },
+                        config=llm_config
+                )
+                if llm_response.content == "XXX-END-OF-SESSION-XXX":
+                    await session_summary(process, llm_config, with_message_history, server)
+                    process.exit(0)
+                    return
+                else:
+                    process.stdout.write(f"{llm_response.content}")
+                    logger.info("LLM response", extra={"details": b64encode(llm_response.content.encode('utf-8')).decode('utf-8'), "interactive": True})
 
     except asyncssh.BreakReceived:
         pass