feat: implement SSH honeypot server with auth and config

Add core SSH server with password authentication, per-IP failure tracking, credential memory with TTL, and static credential support. Includes TOML config loading with validation, Ed25519 host key auto-generation, and a Nix package output. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-14 16:36:12 +01:00
parent f657b90357
commit 51fdea0c2f
13 changed files with 1063 additions and 0 deletions
--- a/README.md
+++ b/README.md
@@ -7,3 +7,42 @@ Named after the medieval dungeon - a place you throw people into and forget abou
 ## Status

 Early development. See `PLAN.md` for the roadmap.
+
+## Usage
+
+### Build
+
+```sh
+# With Nix
+nix build
+
+# With Go
+nix develop -c go build ./cmd/oubliette
+```
+
+### Configure
+
+Copy and edit the example config:
+
+```sh
+cp oubliette.toml.example oubliette.toml
+```
+
+Key settings:
+- `ssh.listen_addr` — listen address (default `:2222`)
+- `ssh.host_key_path` — Ed25519 host key, auto-generated if missing
+- `auth.accept_after` — accept login after N failures per IP (default `10`)
+- `auth.credential_ttl` — how long to remember accepted credentials (default `24h`)
+- `auth.static_credentials` — always-accepted username/password pairs
+
+### Run
+
+```sh
+./oubliette -config oubliette.toml
+```
+
+Test with:
+
+```sh
+ssh -o StrictHostKeyChecking=no -p 2222 root@localhost
+```