Deployment of Kippo SSH Honeypot on Ubuntu Linux

Introduction

Do you feel that someone is attempting to access your server? To find out, you can deploy a honeypot within your system to help ease your paranoia by either confirming or dismissing your initial belief. As an example, you can start the Kippo SSH honeypot, which lets you monitor brute-force attempts and collect up-to-date exploits and malware. Kippo also automatically records the attacker's shell session, which you can replay to explore various hacking techniques and later use the gathered knowledge to harden your production server. Another reason to install a honeypot is to draw attention away from your production server. In this tutorial we will show how to deploy a Kippo SSH honeypot on an Ubuntu server.

Prerequisites

The Kippo SSH honeypot is a Python-based application. Therefore, we first need to install the Python libraries:

$ sudo apt-get install python-twisted

Normally you would run your sshd service listening on the default port 22. It makes sense to use this port for your SSH honeypot, so if you already run the SSH service, we need to change its default port to some other number. I would suggest not using the alternative port 2222, as its use is already generally known and it could sabotage your disguise. Let's pick some random 4-digit number like 4632. Open your SSH configuration file /etc/ssh/sshd_config and change the Port directive from:
