• Stars
    star
    920
  • Rank 49,655 (Top 1.0 %)
  • Language
    Go
  • Created over 8 years ago
  • Updated over 2 years ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Take security by obscurity to the next level (this is a bad idea, don't really use this please)

TOTP SSH port fluxing

Some people change their SSH port on their servers so that it is slightly harder to find for bots or other nasties, and while that is generally viewed as an action of security through obscurity it does work very well at killing a lot of the automated logins you always see in /var/log/auth.log

However what if we could go take this to a ridiculous level? What if we could use TOTP codes that are normally used as 2nd factor codes to login to websites to actually know what port the sshd server is listening on?

For this, I present totp-ssh-flux, a way to make sure your sshd port changes every 30 seconds, and possibly causing your adversaries a small period of frustration.

Demo:

gif

What you can see here is my phone (using a generic TOTP client) generating codes, that I can then use as the port to SSH into on a server.

The software behind it is fairly simple, It runs in a loop that does the following

  • Generates a TOTP token
  • Takes the last digit, if the result is above 65536, do that again
  • Adds a iptables PREROUTING rule to redirect that number generated above
  • Waits 30 seconds, removes that rule, repeat.

The neat thing is, because this is done in PREROUTING, even if the code expires, established connections stay connected.

Installation

You will most likely find more up to date instructions on the totp-ssh-flux project readme

Beware, currently I would not really recommend running this software, it was only written as a joke.

At the time of writing the project is just a single file, You will need to install golang and then go get and go build

Run the program as root ( it needs to, sorry, it's editing iptables )

Upon first run, the program will generate a token for the host in /etc/ssh-flux-key ( you can use the -keypath option to change that ) and you can input that into your phone or other clients.

You can confirm it works by running watch iptables -vL -t nat and waiting for the iptables rules to be inserted and removed.


Want to see more insanity like this? Follow me on twitter @benjojo12

More Repositories

1

dnsfs

Store your data in others DNS resolver cache
Go
832
star
2

bgp-battleships

Play battleships using BGP
Go
420
star
3

de-ip-hdmi

Convert a IP HDMI converter into a MKV stream
Go
374
star
4

sping

Split ping, see what direction the loss or latency is on
Go
306
star
5

userspace-vga2usb

A userspace driver implementation of the Epiphan VGA2USB LR
Go
292
star
6

dubstep-data

Put data inside dubstep drops
Go
278
star
7

hot-clone

Progressively image a mounted disk correctly without corruption
Go
276
star
8

bondcat

A netcat/ncat like tool that bonds multiple sockets together.
Go
223
star
9

ssh-key-confirmer

Test ssh login key acceptance without having the private key
Go
215
star
10

yubiTLS

A Go TLS/HTTPS server demo that uses a Yubikey as the backend for it's private key
Go
177
star
11

alertmanager-discord

Take your alertmanager alerts, into discord
Go
176
star
12

dos_ssh

Use BIOS ram hacks to make a SSH server out of any INT 10 13h app (MS-DOS is one of those)
Go
145
star
13

art-with-randomart

Making art with SSH key randomart
Go
134
star
14

six-onions

Like Tor2Web, but not just HTTP ( using IPv6 )
Go
121
star
15

eve-online-bgp-backbone

What would New Eden look like if it was a network?
Go
117
star
16

you-cant-curl-under-pressure

The infrastructure to the time pressure game around HTTP requests
Go
115
star
17

Countdown

Gameshow watching, auto tweeting robot.
C#
94
star
18

bpm

Library and tool for dealing with beats per second detection
Go
90
star
19

mcod

Minecraft servers that only run when people are playing on them
Go
90
star
20

Gmail_GeoIPTagger

An app script that will label your email from where in the world it was sent from
JavaScript
88
star
21

iptables-uwu

iptables target that uwu's outgoing packets
C
87
star
22

AnyCatch

"Where does this IP hit on a AnyCast network?!"
Go
86
star
23

qc-usb-userspace

A userspace USB driver for the logitech quickcam express
Go
71
star
24

bnblog

My blogging system ( Reinventing the wheel like every dev wants to do )
Go
67
star
25

gophervista

It's like AltaVista, but for RFC 1436 Gopher sites
Go
54
star
26

dell-N1100-tricks

Handy things you can run on a Dell N11XX switch to make it smarter than you would likely want it to be
C
54
star
27

dns-spies

The tools used for the DNS spies blog post
Go
50
star
28

IPoverFC

IP over ATA over FC (Cheap Ethernet over SCSI)
Go
49
star
29

upsetsysadmins

Corrupt stacks of arbitrary PIDs to change proctitle
Go
48
star
30

traceroute-haiku

A thing you can traceroute and it gives you a haiku inside the trace
Go
43
star
31

tealemetry

A tea coaster with temperature metrics
C++
39
star
32

dive-into-dos

The tools used with my "A dive into the world of MS-DOS viruses" talk
Go
38
star
33

c2bf

C2BF is a C compiler targeting brainfuck, written by the twisted mind of Gregor Richards.
C
32
star
34

Newmarket

Wrap a TCP connection over two HTTP connections, Previously named "RunAround"
Go
26
star
35

kiss_esp

A KISS speaking "TNC" for AX.25 that uses 802.11 rather than actual amateur radio.
C++
21
star
36

bgp-zerowindow-test

A malicious BGP daemon that forces a TCP zero window edge case
Go
19
star
37

BackToTheFuture

Respond to pings before they even arrive at the server
C
19
star
38

Domainiator

A quick mass domain crawler that I use to crawl zone files.
Go
17
star
39

dumb-net-poller

No SNMP? No problem! SSH -> collectd
Go
16
star
40

honk-benjojo

The benjojo.co.uk fork of honk
Go
15
star
41

TwIRC

A IRC server that posts your twitter stream, I use it with IRCCloud
Go
15
star
42

twitterd

Make twitter bots with speed and ease with a CGI like interface.
Go
14
star
43

dev_markov

echo -n "hello world" > /dev/mkov (This is obscure)
C
14
star
44

PushAlotAuth

A service that will send you a "Pushalot" notification when any kind of auth happens on a Linux system.
Go
13
star
45

ColorCollapse

A tool to convert all images (and CSS) on a page to enhance colours for the color blind
JavaScript
11
star
46

discord-attachment-backker-upper

A small tool to export your "attachments" (screenshots/images) from your discord backups
Go
10
star
47

win32-collectd

๐Ÿ“ก Win32 collectd PUTVAL exporter over serial, god help you if you need this
Visual Basic
9
star
48

dumb-nat-64

a simple, TCP only, nothing fancy, IPv6->iptables->IPv4 proxy.
Go
9
star
49

HoldThis

Holds directory bookmarks allowing access from any terminal
Go
9
star
50

Stego

Some insane way of hiding messages in jpeg artifacts.
C#
8
star
51

nowrap

Small C program to make sure lines don't wrap in a terminal (like when cat-ing logs)
C
7
star
52

gogetgithub

"go get" all the go repo's you have starred on github
Go
7
star
53

Navi

The bluetooth annoyer (This is passive payback to whoever it is where I work doing this to me)
Shell
7
star
54

LPT

Open source of my silly and terrible plate detection system.
C#
6
star
55

shovel

Append output of programs into SQL tables
Go
6
star
56

caffy-bgp

Dump BGP feeds into redis for distribution [Broken by dependency rot]
Go
6
star
57

fuck-yesware.js

Because no one wants that shit in their email
JavaScript
6
star
58

GitHubStudy

This isnt the code that I built my blog post on btw
Go
5
star
59

AutoWall

Semi Real time satellite desktop backgrounds
C#
5
star
60

CrashNet

The HTML for crashing browsers. Used in my "CrashNet" WiFi AP
5
star
61

NorthStar

A subpar gossip network, Uses DHT to find other nodes ( Ceased to be used in production )
Go
5
star
62

chromaprint-server

Server that takes in audio and gives out chromaprint
Go
5
star
63

webcam2collectd

Logs the brightness of a HTTP webcam into collectd
Go
5
star
64

-cmds

ยตCmds - Small but very useful commands.
Shell
4
star
65

OfflinePack

A useful set of stuff for offline dev
JavaScript
4
star
66

PAC

Polynomial Audio Codec, I honestly can't believe this even slightly works
Go
4
star
67

InternetMon

Because Tesco Broadband.
Python
4
star
68

tcpdump-to-bpf.benjojo.co.uk

Converts tcpdump filters into iptables rules
HTML
4
star
69

statstream

Collectd POST endpoint to redis + websocket endpoint
Go
4
star
70

gojson.com

The site code to gojson.com
Go
3
star
71

Discovery

A super scanner. Using libpcap.
C#
3
star
72

BBCDJ

A tool to grab all the things they have ever played
PHP
3
star
73

SoundCloudFS

A Dokan FUSE system that mounts your soundcloud stream [Not done yet]
C#
3
star
74

DomainHackGen

A tool that will find domain hacks (See wikipedia on "Domain Hacks")
C#
3
star
75

app0-image-jpeg

A drop in replacement to image/jpeg that adds a APP0 segment
Go
3
star
76

email-v6asserter

Consume a google takeout dump, and dump how much of it is done over v6
Go
3
star
77

SilentKiller

A tool that will kill the process you launch, if it falls silent
Go
3
star
78

dumb-rss-to-irc

lazily posts a RSS feed into a IRC room -- with few options
Go
2
star
79

PublicSwBPlugins

A place to file your pull requests for modules to go into swb
C#
2
star
80

MCClassicToolkit

A tool that will connect to all the minecraft classic servers, Download Levels. Then cartograph the levels
C#
2
star
81

Domainiator_frontend

Because github linguistics is broken and this really really bothers me.
JavaScript
2
star
82

TubeWifi

The MAC's and Lat longs of all the tube stations (that have virgin wifi) WIP
PHP
2
star
83

EmailBury

Get daily emails that become irrelevant after a week? Why see them in your inbox, This archives messages with a label after a week.
Gosu
2
star
84

flmmeuk

The (Really bad) source to flmmeuk
PHP
2
star
85

APLPrimeCheck

My entry to the Facepunch Obfuscation Challenge
2
star
86

irccloud_cat

Because IRCCloud's streaming point cannot be curl'd anymore
Go
2
star
87

FixedCGP

The version of CGP that I use that has a few fixes
PHP
1
star
88

benjojo.co.uk

The code that powers my frontpage
CSS
1
star
89

FacepunchByPhone

A phone in system to browse the facepunch forum (April fools joke 2014)
Go
1
star
90

TFLAnnouncer

A program that will announce when the next train to work is
Python
1
star
91

bochs

My fork of the Bochs sourcecode that has a fancy ram viewer
C++
1
star
92

aprs.go

An APRS decoder
Go
1
star
93

discord

The bot used in the FPP steam group.
C#
1
star