Torjus Håkestad
d655968216
Adds persistent storage using modernc.org/sqlite (pure Go). Login attempts are deduplicated by (username, password, ip) with counts. Sessions and session logs are tracked with UUID IDs. Includes embedded SQL migrations, configurable retention with background pruning, and an in-memory store for tests. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
1.7 KiB
1.7 KiB
Oubliette
An SSH honeypot that logs login attempts, presents fake shells to "successful" logins, and tries to detect when a real human is poking around.
Named after the medieval dungeon - a place you throw people into and forget about them.
Status
Early development. See PLAN.md for the roadmap.
Usage
Build
# With Nix
nix build
# With Go
nix develop -c go build ./cmd/oubliette
Configure
Copy and edit the example config:
cp oubliette.toml.example oubliette.toml
Key settings:
ssh.listen_addr— listen address (default:2222)ssh.host_key_path— Ed25519 host key, auto-generated if missingauth.accept_after— accept login after N failures per IP (default10)auth.credential_ttl— how long to remember accepted credentials (default24h)auth.static_credentials— always-accepted username/password pairsstorage.db_path— SQLite database path (defaultoubliette.db)storage.retention_days— auto-prune records older than N days (default90)storage.retention_interval— how often to run retention (default1h)
Run
./oubliette -config oubliette.toml
Test with:
ssh -o StrictHostKeyChecking=no -p 2222 root@localhost
NixOS Module
Add the flake as an input and enable the service:
{
services.oubliette = {
enable = true;
package = inputs.oubliette.packages.${system}.default;
settings = {
ssh.listen_addr = ":2222";
auth.accept_after = 10;
auth.static_credentials = [
{ username = "root"; password = "toor"; }
];
};
};
}
Alternatively, use configFile to pass a pre-written TOML file instead of settings.