DECEIVE/SSH/config.ini.TEMPLATE

# THIS IS A TEMPLATE CONFIG FILE FOR HADES
# We provide reasonable defaults for most configuration items, but you should 
# review this before using it in production. 

[honeypot]
# The name of the file you wish to write the honeypot log to.
log_file = ssh_log.log 

# The name of the sensor, used to identify this honeypot in the logs.
# If you leave this blank, the honeypot will use the system's hostname.
sensor_name = deceive

# Settings for the SSH honeypot
[ssh]
# The port the SSH honeypot will listen on. You will probably want to set 
# this to 22 for production use.
port = 8022
# The host key to use for the SSH server. This should be a private key.
# See the README for how to generate this key.
host_priv_key = ssh_host_key
# The server version string to send to clients.
server_version_string = SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.3

# Settings to configure which LLM backend to use.  Only one stanza 
# should be uncommented at a time.
[llm]
##### OpenAI
llm_provider = openai
model_name = gpt-4o

##### ollama llama3
#llm_provider = ollama
#model_name = llama3.3

##### Any model via Amazon Bedrock
# Valid AWS model names can be found here: https://docs.aws.amazon.com/bedrock/latest/userguide/model-ids.html
#llm_provider = AWS
#model_name = anthropic.claude-3-5-sonnet-20240620-v1:0
# NOTE: Bedrock is not supported on all AWS regions.
#aws_region = us-east-1 
#aws_credentials_profile = default

##### Google Gemini
#llm_provider = gemini
#model_name = gemini-1.5-pro

# The maximum number of tokens to send to the LLM backend in a single 
# request. This includes the message history for the session, so should
# be fairly high. Not all models support large token counts, so be sure 
# to test this with your model.
trimmer_max_tokens = 64000

# System prompt for the LLM. This will be the same for any running instance.
# Change this if you need to tweak behaviors of the simulation itself.
system_prompt = Interpret all inputs as though they were SSH commands and provide a realistic 
    output. Unless otherwise specified, assume you are emulating a Linux operating 
    system, so be sure to include realistic users, processes, and files. Do not 
    include extraneous formatting in your responses. Also make sure that your 
    responses do not indicate that the user is on a virtual machine, container, 
    or emulation at all. 

    If {interactive} is True, make sure to include a realistic MOTD on the
    first call, and to end all responses with a realistic shell prompt to display to 
    the user, including a space at the end. 

    If {interactive} is False, do not include a shell prompt or MOTD.

    Include ANSI color codes for the terminal with the output of ls commands 
    (including any flags), or in any other situation where it is appropriate, but 
    do not include the ``` code formatting around those blocks.

    Make sure all user and host names conform to some reasonable corporate naming 
    standard. Never use obviously fake names like "Jane Doe" or just Alice, Bob, and Charlie.

    If at any time the user's input would cause the SSH session to close (e.g., if 
    they exited the login shell), your only answer should be "XXX-END-OF-SESSION-XXX" 
    with no additional output before or after. Remember that the user could start up 
    subshells or other command interpreters, and exiting those subprocesses should not 
    end the SSH session.

    Assume the username is {username}.

# The valid user accounts and passwords for the SSH server, in the
# form "username = password".  Note that you can enable login without 
# a password by leaving that field blank (e.g., "guest =" on a line by
# itself). You can set an account to accept ANY password, including an empty
# password, by setting the password to "*"
[user_accounts]
guest = 
user1 = secretpw
user2 = password123
root = *