oubliette

3 Commits 1 Branch 0 Tags

Author	SHA1	Message	Date
Torjus Håkestad	a40110f2f5	fix: address high-severity security issues from review - Use subtle.ConstantTimeCompare for static credential checks to prevent timing side-channel attacks - Cap failCounts (100k) and rememberedCreds (10k) maps with eviction to prevent memory exhaustion from botnet-scale scanning - Sweep expired credentials on each auth attempt - Add configurable max_connections (default 500) with semaphore to limit concurrent connections and prevent goroutine/fd exhaustion Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-14 16:41:23 +01:00
Torjus Håkestad	51fdea0c2f	feat: implement SSH honeypot server with auth and config Add core SSH server with password authentication, per-IP failure tracking, credential memory with TTL, and static credential support. Includes TOML config loading with validation, Ed25519 host key auto-generation, and a Nix package output. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-14 16:36:12 +01:00
Torjus Håkestad	f657b90357	chore: initial commit Add project scaffolding: CLAUDE.md, PLAN.md, README.md, flake.nix, and go.mod. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-14 16:18:04 +01:00

Author

SHA1

Message

Date

Torjus Håkestad

a40110f2f5

fix: address high-severity security issues from review

- Use subtle.ConstantTimeCompare for static credential checks to
  prevent timing side-channel attacks
- Cap failCounts (100k) and rememberedCreds (10k) maps with eviction
  to prevent memory exhaustion from botnet-scale scanning
- Sweep expired credentials on each auth attempt
- Add configurable max_connections (default 500) with semaphore to
  limit concurrent connections and prevent goroutine/fd exhaustion

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

2026-02-14 16:41:23 +01:00

Torjus Håkestad

51fdea0c2f

feat: implement SSH honeypot server with auth and config

Add core SSH server with password authentication, per-IP failure
tracking, credential memory with TTL, and static credential support.
Includes TOML config loading with validation, Ed25519 host key
auto-generation, and a Nix package output.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

2026-02-14 16:36:12 +01:00

Torjus Håkestad

f657b90357

chore: initial commit

Add project scaffolding: CLAUDE.md, PLAN.md, README.md, flake.nix, and go.mod.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

2026-02-14 16:18:04 +01:00