torjus/oubliette
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
This repository has been archived on 2026-03-09. You can view files and clone it. You cannot open issues or pull requests or push a commit.
30 Commits 1 Branch 0 Tags
1a407ad4c2b41c5f68988097ee8abba2bd89d83a
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE

README.md

Oubliette

An SSH honeypot that logs login attempts, presents fake shells to "successful" logins, and tries to detect when a real human is poking around.

Named after the medieval dungeon - a place you throw people into and forget about them.

Status

Early development. See PLAN.md for the roadmap.

Usage

Build

# With Nix
nix build

# With Go
nix develop -c go build ./cmd/oubliette

Configure

Copy and edit the example config:

cp oubliette.toml.example oubliette.toml

Key settings:

  • ssh.listen_addr — listen address (default :2222)
  • ssh.host_key_path — Ed25519 host key, auto-generated if missing
  • auth.accept_after — accept login after N failures per IP (default 10)
  • auth.credential_ttl — how long to remember accepted credentials (default 24h)
  • auth.static_credentials — always-accepted username/password pairs (optional shell field routes to a specific shell)
  • Available shells: bash (fake Linux shell), fridge (Samsung Smart Fridge OS), banking (80s-style bank terminal TUI)
  • storage.db_path — SQLite database path (default oubliette.db)
  • storage.retention_days — auto-prune records older than N days (default 90)
  • storage.retention_interval — how often to run retention (default 1h)
  • shell.hostname — hostname shown in shell prompts (default ubuntu-server)
  • shell.banner — banner displayed on connection
  • shell.fake_user — override username in prompt; empty uses the authenticated user
  • web.enabled — enable the web dashboard (default false)
  • web.listen_addr — web dashboard listen address (default :8080)
    • Session detail pages at /sessions/{id} include terminal replay via xterm.js
  • detection.enabled — enable human detection scoring (default false)
  • detection.threshold — score threshold (0.01.0) for flagging sessions (default 0.6)
  • detection.update_interval — how often to recompute scores (default 5s)
  • notify.webhooks — list of webhook endpoints for notifications (see example config)

Run

./oubliette -config oubliette.toml

Test with:

ssh -o StrictHostKeyChecking=no -p 2222 root@localhost

NixOS Module

Add the flake as an input and enable the service:

{
  services.oubliette = {
    enable = true;
    package = inputs.oubliette.packages.${system}.default;
    settings = {
      ssh.listen_addr = ":2222";
      auth.accept_after = 10;
      auth.static_credentials = [
        { username = "root"; password = "toor"; }
      ];
    };
  };
}

Alternatively, use configFile to pass a pre-written TOML file instead of settings.

Reference in New Issue View Git Blame Copy Permalink
Description
No description provided
Readme 1 MiB
Languages
Go 93.3%
HTML 2.4%
JavaScript 2.4%
CSS 1%
Nix 0.8%
Other 0.1%