Endlessh "Failed to start Endlessh SSH Tarpit"

I have just learned about the Endlessh package. I installed it following the steps described in this video: https://www.youtube.com/watch?v=SKhKNUo6rJU

But when I check whether Endlessh is listening on port 22, nothing happens. Then I checked the status to see if it's running, but it isn't. Here is the result I have:

xxxxxxxxx@localhost:~$ sudo systemctl status endlessh.service
● endlessh.service - Endlessh SSH Tarpit
     Loaded: loaded (/etc/systemd/system/endlessh.service; enabled; vendor preset: enabled)
     Active: failed (Result: exit-code) since Mon 2022-01-03 13:14:16 CET; 2min 32s ago
       Docs: man:endlessh(1)
    Process: 186607 ExecStart=/usr/local/bin/endlessh (code=exited, status=1/FAILURE)
   Main PID: 186607 (code=exited, status=1/FAILURE)

Jan 03 13:13:46 localhost systemd[1]: endlessh.service: Main process exited, code=exited, status=1/FAILURE
Jan 03 13:13:46 localhost systemd[1]: endlessh.service: Failed with result 'exit-code'.
Jan 03 13:14:16 localhost systemd[1]: endlessh.service: Scheduled restart job, restart counter is at 4.
Jan 03 13:14:16 localhost systemd[1]: Stopped Endlessh SSH Tarpit.
Jan 03 13:14:16 localhost systemd[1]: endlessh.service: Start request repeated too quickly.
Jan 03 13:14:16 localhost systemd[1]: endlessh.service: Failed with result 'exit-code'.
Jan 03 13:14:16 localhost systemd[1]: Failed to start Endlessh SSH Tarpit.
Jan 03 13:15:59 localhost systemd[1]: endlessh.service: Start request repeated too quickly.
Jan 03 13:15:59 localhost systemd[1]: endlessh.service: Failed with result 'exit-code'.
Jan 03 13:15:59 localhost systemd[1]: Failed to start Endlessh SSH Tarpit.

While looking for further answers to my issue, I found this on the GitHub of skeeto/endlessh: https://github.com/skeeto/endlessh/issues/39#issuecomment-727283671

I tried it, but I still get the same failure status when restarting endlessh. I forgot to mention that I created a config file in the endlessh folder, /etc/endlessh/config:

# The port on which to listen for new SSH connections.
Port 22

# The endless banner is sent one line at a time. This is the delay
# in milliseconds between individual lines.
Delay 10000

# The length of each line is randomized. This controls the maximum
# length of each line. Shorter lines may keep clients on for longer if
# they give up after a certain number of bytes.
MaxLineLength 32

# Maximum number of connections to accept at a time. Connections beyond
# these are not immediately rejected but will wait in the queue.
MaxClients 4096

# Set the detail level for the log.
# 0 = Quiet
# 1 = Standard, useful log messages
# 2 = Very noisy debugging information
LogLevel 0

# Set the family of the listening socket
# 0 = Use IPv4 Mapped IPv6 (Both v4 and v6, default)
# 4 = Use IPv4 only
# 6 = Use IPv6 only
BindFamily 0

Do you have any idea what is wrong? Should I restart the server? Thanks :)

Artur Meinild
Disclaimer: I'm well aware this doesn't even pretend to be an answer, but isn't this an inherently bad idea? I would assume it's better to close port 22 altogether. With this, your server is still present online, and could be perceived as a target on other ports. It's best to be as invisible as possible, IMO.
Oxykore
Hi Artur, well, I still need to log on using SSH as it's a VPS, but I admit changing port 22 to another one would prevent brute-force bots and/or such. I'm already using fail2ban and forbidding root login; I just want to use endlessh to prevent a dedicated attack.
Artur Meinild
So your OpenSSH server is on a different port than 22? Because it should be in any case.
MikroPower
See how he is doing this in this video: https://www.youtube.com/watch?v=z-7CEklXcxY&ab_channel=SemperVideo You should use port 2222, so that you can use 22 internally. You have to configure your router so that an attack on 22 will be transferred to 2222, where your tarpit can do its job.
Do you have a file `/etc/systemd/system/endlessssh.service`? If so, please add its content to your question.