3 Commits

Author SHA1 Message Date
fd0d8a78fc Update README.md
Added more info about the `details` and `interactive` fields to logging section.
2025-02-05 06:41:16 -05:00
dba537c58f removed debug statements 2025-02-04 16:11:48 -05:00
b222940de2 Wildcard password support
Setting a password to be "*" in the config file will cause the server to accept any password the client provides for that account, including an empty password.
2025-02-04 16:05:23 -05:00
3 changed files with 8 additions and 5 deletions

View File

@ -93,8 +93,8 @@ Things to note:
* `Session summary` * `Session summary`
* `SSH connection closed` * `SSH connection closed`
* Several of these message types also feature a `details` field with additional information * Several of these message types also feature a `details` field with additional information
* `User input` messages contain a base64-encoded copy of the entire user input * `User input` messages contain a base64-encoded copy of the entire user input in the `details` field, as well as an `interactive` field (true/false) that tells you whether this was an interactive or non-interactive command (i.e., whether they logged in with a terminal session or provided a command on the SSH command-line).
* `LLM response` messages contain a base64-encoded copy of the entire simulated response * `LLM response` messages contain a base64-encoded copy of the entire simulated response in the `details` field.
* `Session summary` messages contain not only a summary of the commands, but also a guess as to what they might have been intended to accomplish. There will also be a `judgement` field that contains one of "BENIGN", "SUSPICIOUS", or "MALICIOUS" * `Session summary` messages contain not only a summary of the commands, but also a guess as to what they might have been intended to accomplish. There will also be a `judgement` field that contains one of "BENIGN", "SUSPICIOUS", or "MALICIOUS"
* Since this is a honeypot and not intended for use by real users, IT WILL LOG USERNAMES AND PASSWORDS! These are found in the `Authentication success` messages, in the `username` and `password` fields. * Since this is a honeypot and not intended for use by real users, IT WILL LOG USERNAMES AND PASSWORDS! These are found in the `Authentication success` messages, in the `username` and `password` fields.

View File

@ -75,9 +75,12 @@ system_prompt = Interpret all inputs as though they were SSH commands and provid
# The valid user accounts and passwords for the SSH server, in the # The valid user accounts and passwords for the SSH server, in the
# form "username = password". Note that you can enable login without # form "username = password". Note that you can enable login without
# a password by leaving that field blank (e.g., "guest =" on a line by # a password by leaving that field blank (e.g., "guest =" on a line by
# itself) # itself). You can set an account to accept ANY password, including an empty
# password, by setting the password to "*"
[user_accounts] [user_accounts]
guest = guest =
user1 = secretpw user1 = secretpw
user2 = password123 user2 = password123
root = *

View File

@ -105,7 +105,7 @@ class MySSHServer(asyncssh.SSHServer):
def validate_password(self, username: str, password: str) -> bool: def validate_password(self, username: str, password: str) -> bool:
pw = accounts.get(username, '*') pw = accounts.get(username, '*')
if ((pw != '*') and (password == pw)): if pw == '*' or (pw != '*' and password == pw):
logger.info("Authentication success", extra={"username": username, "password": password}) logger.info("Authentication success", extra={"username": username, "password": password})
return True return True
else: else: