qeeqbox / honeypots

30 different honeypots in one package! (dhcp, dns, elastic, ftp, http proxy, https proxy, http, https, imap, ipp, irc, ldap, memcache, mssql, mysql, ntp, oracle, pjl, pop3, postgres, rdp, redis, sip, smb, smtp, snmp, socks5, ssh, telnet, vnc)
GNU Affero General Public License v3.0

Support more HostKeyAlgorithms #58

Closed mattpallissard closed 8 months ago

mattpallissard commented 8 months ago

The honeypot only offers ssh-rsa as a HostKeyAlgorithm. (I suspect this is what issue #34 is about.)

~  ssh -p 8022 root@localhost
Unable to negotiate with ::1 port 8022: no matching host key type found. Their offer: ssh-rsa

Most modern versions of openssh will not connect to this, as the defaults are:

                  ssh-ed25519-cert-v01@openssh.com,
                  ecdsa-sha2-nistp256-cert-v01@openssh.com,
                  ecdsa-sha2-nistp384-cert-v01@openssh.com,
                  ecdsa-sha2-nistp521-cert-v01@openssh.com,
                  sk-ssh-ed25519-cert-v01@openssh.com,
                  sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,
                  rsa-sha2-512-cert-v01@openssh.com,
                  rsa-sha2-256-cert-v01@openssh.com,
                  ssh-ed25519,
                  ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
                  sk-ecdsa-sha2-nistp256@openssh.com,
                  sk-ssh-ed25519@openssh.com,
                  rsa-sha2-512,rsa-sha2-256

Connecting with openssh requires adding -o HostKeyAlgorithms=+ssh-rsa, like so:

~  ssh -p 8022 -o HostKeyAlgorithms=+ssh-rsa root@localhost 
root@localhost's password: 
Welcome to Ubuntu 16.04.1 LTS (GNU/Linux 4.4.0-31-generic x86_64)

It'd be handy if more host key algorithms were supported. Thanks!
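The negotiation failure reported above, reproduced offline as an added example (not part of the original issue and not code from the honeypots project): it parses the server_host_key_algorithms name-list out of an SSH KEXINIT payload and applies the "first client preference the server also offers" rule. The KEXINIT bytes are constructed sample data, the function names are hypothetical, and the matching rule is simplified (it ignores key-exchange compatibility requirements).

```python
import struct

SSH_MSG_KEXINIT = 20  # RFC 4253 message number

# Client default HostKeyAlgorithms, in the order quoted in the issue above.
OPENSSH_DEFAULTS = (
    "ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,"
    "ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,"
    "sk-ssh-ed25519-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,"
    "rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,"
    "ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,"
    "sk-ecdsa-sha2-nistp256@openssh.com,sk-ssh-ed25519@openssh.com,"
    "rsa-sha2-512,rsa-sha2-256"
).split(",")

def name_list(names):
    """Encode an SSH name-list: uint32 length + comma-separated ASCII names."""
    data = ",".join(names).encode("ascii")
    return struct.pack(">I", len(data)) + data

def build_kexinit(host_key_algs):
    """Constructed sample server KEXINIT; every list except host keys is filler."""
    lists = [["curve25519-sha256"], host_key_algs,
             ["aes128-ctr"], ["aes128-ctr"], ["hmac-sha2-256"], ["hmac-sha2-256"],
             ["none"], ["none"], [], []]
    body = b"".join(name_list(l) for l in lists)
    # type byte, 16-byte cookie (zeroed here), lists, first_kex_packet_follows, reserved
    return bytes([SSH_MSG_KEXINIT]) + bytes(16) + body + b"\x00" + struct.pack(">I", 0)

def parse_host_key_algs(payload):
    """Return server_host_key_algorithms, the second name-list in a KEXINIT payload."""
    if len(payload) < 17 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not a KEXINIT payload")
    offset, names = 17, []
    for _ in range(2):  # skip kex_algorithms, then read the host key list
        if offset + 4 > len(payload):
            raise ValueError("truncated name-list length")
        (length,) = struct.unpack_from(">I", payload, offset)
        offset += 4
        if offset + length > len(payload):
            raise ValueError("truncated name-list")
        raw = payload[offset:offset + length].decode("ascii")
        names, offset = (raw.split(",") if raw else []), offset + length
    return names

def negotiate(client_prefs, server_offer):
    """First client preference the server also offers, or None (no match)."""
    return next((alg for alg in client_prefs if alg in server_offer), None)

if __name__ == "__main__":
    offer = parse_host_key_algs(build_kexinit(["ssh-rsa"]))
    print("defaults:", negotiate(OPENSSH_DEFAULTS, offer))
    print("+ssh-rsa:", negotiate(OPENSSH_DEFAULTS + ["ssh-rsa"], offer))
```

A server that also offers rsa-sha2-256 or ssh-ed25519 alongside ssh-rsa negotiates with the default client list, which is what the request in the issue amounts to.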

mattpallissard commented 8 months ago

Whoops! Disregard, I opened this in the wrong tab. I meant to open this in a different project (honeytrap).