torjus/oubliette
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
This repository has been archived on 2026-03-09. You can view files and clone it. You cannot open issues or pull requests or push a commit.
Files
462c44ce894b2c883fc767e42af1e57997d4e856
oubliette/README.md
Torjus Håkestad 8e90f21d91 feat: add Smart Fridge shell and per-credential shell routing 
Implement Samsung FridgeOS-themed shell (PLAN.md §3.3) with inventory
management, temperature controls, diagnostics, alerts, and other
appliance commands. Add per-credential shell routing so static
credentials can specify which shell to use via the `shell` config field,
passed through ssh.Permissions.Extensions.

Also extract shared ReadLine helper from bash to the shell package so
both shells can reuse terminal input handling.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-14 22:34:29 +01:00

85 lines
2.6 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
# Oubliette
An SSH honeypot that logs login attempts, presents fake shells to "successful" logins, and tries to detect when a real human is poking around.
Named after the medieval dungeon - a place you throw people into and forget about them.
## Status
Early development. See `PLAN.md` for the roadmap.
## Usage
### Build
```sh
# With Nix
nix build
# With Go
nix develop -c go build ./cmd/oubliette
```
### Configure
Copy and edit the example config:
```sh
cp oubliette.toml.example oubliette.toml
```
Key settings:
- `ssh.listen_addr` — listen address (default `:2222`)
- `ssh.host_key_path` — Ed25519 host key, auto-generated if missing
- `auth.accept_after` — accept login after N failures per IP (default `10`)
- `auth.credential_ttl` — how long to remember accepted credentials (default `24h`)
- `auth.static_credentials` — always-accepted username/password pairs (optional `shell` field routes to a specific shell)
- Available shells: `bash` (fake Linux shell), `fridge` (Samsung Smart Fridge OS)
- `storage.db_path` — SQLite database path (default `oubliette.db`)
- `storage.retention_days` — auto-prune records older than N days (default `90`)
- `storage.retention_interval` — how often to run retention (default `1h`)
- `shell.hostname` — hostname shown in shell prompts (default `ubuntu-server`)
- `shell.banner` — banner displayed on connection
- `shell.fake_user` — override username in prompt; empty uses the authenticated user
- `web.enabled` — enable the web dashboard (default `false`)
- `web.listen_addr` — web dashboard listen address (default `:8080`)
- Session detail pages at `/sessions/{id}` include terminal replay via xterm.js
- `detection.enabled` — enable human detection scoring (default `false`)
- `detection.threshold` — score threshold (0.01.0) for flagging sessions (default `0.6`)
- `detection.update_interval` — how often to recompute scores (default `5s`)
- `notify.webhooks` — list of webhook endpoints for notifications (see example config)
### Run
```sh
./oubliette -config oubliette.toml
```
Test with:
```sh
ssh -o StrictHostKeyChecking=no -p 2222 root@localhost
```
### NixOS Module
Add the flake as an input and enable the service:
```nix
{
services.oubliette = {
enable = true;
package = inputs.oubliette.packages.${system}.default;
settings = {
ssh.listen_addr = ":2222";
auth.accept_after = 10;
auth.static_credentials = [
{ username = "root"; password = "toor"; }
];
};
};
}
```
Alternatively, use `configFile` to pass a pre-written TOML file instead of `settings`.
Reference in New Issue View Git Blame Copy Permalink