Interested in having some fun with Kippo (an SSH honeypot) on your Digital Ocean server? Here's a super fast getting started guide based on this doc:

  • Do an apt-get update && apt-get upgrade
  • Open etc/ssh/sshd_config
    • Change the port to be some odd port you want to use for legit SSH management, like 9999 or 1357.
  • Restart ssh with reload ssh
  • Install Kippo dependencies with apt-get install python-dev openssl python-openssl python-pyasn1 python-twisted
  • Get subversion to install kippo with apt-get install subversion
  • Create kippo user with useradd -d /home/kippo -s /bin/bash -m kippo -g sudo
  • Install authbind with apt-get install authbind
  • Create a file called /etc/authbind/byport/22
    • Set ownership on it with chown kippo /etc/authbind/byport/22
  • Change permissions on it with chmod 777 /etc/authbind/byport/22
  • Change to the kippo user with su kippo
  • Hit cd to go to kippo home dir.
  • Download kippo SVN with svn checkout http://kippo.googlecode.com/svn/trunk/ ./kippo
  • cd to kippo dir with cd kippo
  • Move and rename default config file with mv kippo.cfg.dist kippo.cfg and then open it
    • Change the ssh_port from 2222 to 22
  • Start the kippo service with ./start.sh
  • Start tailing the /home/kippo/kippo/log/kippo.log file to see authentication attempts!

More to come. From here I want to get the mysql part setup so I can more easily query the auth attempts being made. I'm also interested in setting up a legit kippo user so I can see what terminal commands a bad guy might use upon "hacking" into my network.