• Stars
    star
    414
  • Rank 104,550 (Top 3 %)
  • Language
    Rust
  • License
    MIT License
  • Created over 3 years ago
  • Updated over 3 years ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Imagine your SSH server only listens on an IPv6 address, and where the last 6 digits are changing every 30 seconds as a TOTP code...

tosh

Imagine your SSH server only listens on an IPv6 address, and where the last 6 digits are changing every 30 seconds as a TOTP code...

Inspired from this tweet (Wayback machine)

Looking for a way simpler, bash implementation? Check out old branch.

Notes

This was made because... I could make it, not if I should make it. Yes, you read it right - it's a toy. Only use it if you know what you are doing. I am not up to handholding, preventing any footguns nor basic support requests.

Its purpose is just to add a layer of obscurity, it's probably only effective against bots (allthough most of them disappear after moving on to IPv6) and script kiddies. If you're being targeted by e.g government agencies or people who definitely know what they do, then this probably won't help you.

Using this on top of unconfigured (in other words, running stock configuration) SSH server is always a bad idea, so please configure your SSH server to e.g do only public key authentication, disable login for unnecessary users (e.g allow only members of group canssh to login) etc.

To make things more fun, you may want to adjust your firewall rules to forward to SSH tarpit by default.

Besides that, you NEED to ensure that your server and client times are in sync. You might want to look into chrony.

A few great alternatives to this:

Usage

Assign yourself an IPv6 subnet, replace last 6 hex characters with x.

fd15:4ba5:5a2b:1008:20c:29ff:fe1a:9587 -> fd15:4ba5:5a2b:1008:20c:29ff:fexx:xxxx

Create a base32 TOTP secret, using e.g gen-oath-safe mikroskeem totp

$ export TOSH_IP_TEMPLATE=fd15:4ba5:5a2b:1008:20c:29ff:fexx:xxxx
$ export TOSH_TOTP_SECRET=3OBVZP4AI74OIJO5YGV3UEXKXS6ISJ6H
$ tosh generate
fd15:4ba5:5a2b:1008:20c:29ff:fe59:3001

Example setups

Roadmap

  • Describe example setup with iptables & systemd
  • ssh wrapper (ProxyCommand feature?)

FAQ

Why Rust?

I am looking forward to building a cross-platform program easily, which works even on Windows.

Where's client?

Not done yet. Reference implementation will work inside ssh ProxyCommand option.

More Repositories

1

radicalaces

Radical Aces Classic ported to desktop
Java
22
star
2

depot

Lightweight Maven repository software
Go
11
star
3

libexecinfo

libexecinfo for musl libc
C
11
star
4

PicoMaven

Lightweight Maven client to download libraries
Java
9
star
5

Shuriken

Shuriken, the Java utilities collection
Java
6
star
6

zorg

Back up ZFS snapshots to Borg
Shell
5
star
7

BenjiAuth

An authentication plugin for BungeeCord
Kotlin
5
star
8

musl_root

Yet another Musl-based lightweight container or distribution bootstrapper
Shell
4
star
9

nixos-snaphook

Take system snapshot before rebuilding & switching NixOS installation to a new configuration
Nix
4
star
10

nginx-config

nginx configs commonly used by machines I set up
Shell
4
star
11

freighter

Freighter is a basic shell script for setting up and deploying Alpine Linux with ZFS and Docker
Shell
4
star
12

MiniWynn

Mini WynnCraft tryhard weapon system clone made for fun
Java
4
star
13

apple-set-os

Small UEFI program to spoof OS on Macs
Rust
3
star
14

BukkitClj

Bukkit Clojure scripting platform
Java
3
star
15

Jutuskeem

Extremely simple chat plugin
Kotlin
3
star
16

votifier2-java

Votifier protocol v2 library for Java
Java
3
star
17

dot

dotfiles
Shell
2
star
18

Casino

Casino plugin for Spigot. Some features stripped out from original.
Java
2
star
19

BukkitGroovy

Execute Groovyscript from command
Java
2
star
20

OfflineInvsee

A NBT experiment
Java
2
star
21

SleekHomes

Simple homes plugin
Kotlin
2
star
22

near-cli-flake

NEAR CLI Nix Flake
Nix
2
star
23

geosvc

MaxMind GeoLite2 Country database microservice
Go
2
star
24

home

My Nix configuration for home and systems
Shell
2
star
25

nightsnack

Eat snacks at night and don't waste your time on downloading music from YouTube
Python
2
star
26

gohipku

Encode any IP address as a haiku - Go port of gabemart/hipku
Go
2
star
27

kd-autologin

http://koding.com/ login bot, keeps up VM
JavaScript
1
star
28

nix-parallels

NixOS overlay for Parallels Desktop tools
1
star
29

antiabuse

Nim
1
star
30

asynclighting

[WIP] Port of Sponge's Async Lighting V2 patch for Paper (on top of Orion)
Java
1
star
31

mctrack

a toy project
Go
1
star
32

vault-autounseal

Simple HashiCorp Vault unsealing solution
Go
1
star
33

overhook

Clojure
1
star
34

hackermatternews

https://news.ycombinator.com webhook bot for Mattermost written in Go
Go
1
star
35

minecraft-containers

Docker images for Minecraft for use in Pterodactyl panel
Shell
1
star
36

misc

Misc utilities and stuff
Shell
1
star
37

dot2

Emacs Lisp
1
star
38

clr-bundles

Shell
1
star
39

BungeeClasspathInjector

A plugin what injects libraries into BungeeCord's classpath
Java
1
star
40

Neekerbot

A telegram bot used in one groupchat
Kotlin
1
star
41

dualwan

dual wan bootstrap script
Python
1
star
42

concourse-nix

Nix derivation to build & run Concourse (worker)
Nix
1
star
43

pks-openpgp-card

https://gitlab.com/sequoia-pgp/pks-openpgp-card.git
Rust
1
star
44

elrond-keygen

Elrond keypair generator
Go
1
star
45

circle

Circle compiler on Nix
Nix
1
star
46

shush

Filter out chat messages from plugins in some worlds
Kotlin
1
star
47

quackit

Quake/Valve .cfg file parser
Go
1
star