Staubgeborener · October 7, 2024 18:41
diff --git a/install_endlessh.sh b/install_endlessh.sh
 #!/bin/bash
 # automatic installation of endlessh, always works for me at least
 #
 # run script with:
 # wget -q -O /tmp/install_endlessh.sh https://gist.githubusercontent.com/Staubgeborener/d55e42b8b6f951f054af823dfd71e214/raw/ && sudo bash /tmp/install_endlessh.sh

 sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bak

 sudo apt install git
 git clone https://github.com/skeeto/endlessh/
 cd endlessh-master

 make

 sudo cp endlessh /usr/local/bin/
 sudo cp util/endlessh.service /etc/systemd/system/

 sudo mkdir /etc/endlessh

 sudo cat <<EOF > /etc/endlessh/config
 Port 22
 Delay 10000
 MaxLineLength 32
 MaxClients 4096
 LogLevel 0
 BindFamily 0
 EOF

 sudo cat <<EOF > /etc/systemd/system/endlessh.service
 [Unit]
 Description=Endlessh SSH Tarpit
 Documentation=man:endlessh(1)
 Requires=network-online.target

 [Service]
 Type=simple
 Restart=always
 RestartSec=30sec
 ExecStart=/usr/local/bin/endlessh
 KillSignal=SIGTERM

 # Stop trying to restart the service if it restarts too many times in a row
 StartLimitInterval=5min
 StartLimitBurst=4

 StandardOutput=journal
 StandardError=journal
 StandardInput=null

 PrivateTmp=true
 PrivateDevices=true
 ProtectSystem=full
 ProtectHome=true
 #InaccessiblePaths=/run /var

 ## If you want Endlessh to bind on ports < 1024
 ## 1) run:
 ##     setcap 'cap_net_bind_service=+ep' /usr/local/bin/endlessh
 ## 2) uncomment following line
 AmbientCapabilities=CAP_NET_BIND_SERVICE
 ## 3) comment following line
 #PrivateUsers=true

 NoNewPrivileges=true
 ConfigurationDirectory=endlessh
 ProtectKernelTunables=true
 ProtectKernelModules=true
 ProtectControlGroups=true
 MemoryDenyWriteExecute=true

 [Install]
 WantedBy=multi-user.target
 EOF

 sudo setcap 'cap_net_bind_service=+ep' /usr/local/bin/endlessh

 sudo systemctl daemon-reload
 sudo systemctl enable --now endlessh.service
 sudo systemctl start endlessh.service
 sudo systemctl status endlessh.service

 sudo rm /tmp/install_endlessh.sh
 echo -e "\n--------------------------------\nChange line #Port 22 in /etc/ssh/sshd_config to something like Port XXX where XXX is your new ssh port\n--------------------------------\n"
	#!/bin/bash
	# automatic installation of endlessh, always works for me at least
	#
	# run script with:
	# wget -q -O /tmp/install_endlessh.sh https://gist.githubusercontent.com/Staubgeborener/d55e42b8b6f951f054af823dfd71e214/raw/ && sudo bash /tmp/install_endlessh.sh

	sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bak

	sudo apt install git
	git clone https://github.com/skeeto/endlessh/
	cd endlessh-master

	make

	sudo cp endlessh /usr/local/bin/
	sudo cp util/endlessh.service /etc/systemd/system/

	sudo mkdir /etc/endlessh

	sudo cat <<EOF > /etc/endlessh/config
	Port 22
	Delay 10000
	MaxLineLength 32
	MaxClients 4096
	LogLevel 0
	BindFamily 0
	EOF

	sudo cat <<EOF > /etc/systemd/system/endlessh.service
	[Unit]
	Description=Endlessh SSH Tarpit
	Documentation=man:endlessh(1)
	Requires=network-online.target

	[Service]
	Type=simple
	Restart=always
	RestartSec=30sec
	ExecStart=/usr/local/bin/endlessh
	KillSignal=SIGTERM

	# Stop trying to restart the service if it restarts too many times in a row
	StartLimitInterval=5min
	StartLimitBurst=4

	StandardOutput=journal
	StandardError=journal
	StandardInput=null

	PrivateTmp=true
	PrivateDevices=true
	ProtectSystem=full
	ProtectHome=true
	#InaccessiblePaths=/run /var

	## If you want Endlessh to bind on ports < 1024
	## 1) run:
	## setcap 'cap_net_bind_service=+ep' /usr/local/bin/endlessh
	## 2) uncomment following line
	AmbientCapabilities=CAP_NET_BIND_SERVICE
	## 3) comment following line
	#PrivateUsers=true

	NoNewPrivileges=true
	ConfigurationDirectory=endlessh
	ProtectKernelTunables=true
	ProtectKernelModules=true
	ProtectControlGroups=true
	MemoryDenyWriteExecute=true

	[Install]
	WantedBy=multi-user.target
	EOF

	sudo setcap 'cap_net_bind_service=+ep' /usr/local/bin/endlessh

	sudo systemctl daemon-reload
	sudo systemctl enable --now endlessh.service
	sudo systemctl start endlessh.service
	sudo systemctl status endlessh.service

	sudo rm /tmp/install_endlessh.sh
	echo -e "\n--------------------------------\nChange line #Port 22 in /etc/ssh/sshd_config to something like Port XXX where XXX is your new ssh port\n--------------------------------\n"