By default this sensor runs on port 22. The protocol allows an attacker to connect to your Bee from a terminal and execute commands. The attacker can interact with the honeypot, which responds realistically. It is even possible to download files (which will be scanned and shown in your dashboard).
Configure the SSH sensor
By default the SSH sensor is enabled and running on port 22. To fully disable the sensor, click on the dropdown and select no. After you click the save button, it takes a maximum of 5 minutes before the sensor is disabled on your Bee. As mentioned, the SSH sensor runs on port 22 by default because that is the most common default port for SSH servers. It is, however, possible to change the port by specifying the desired port and clicking the save button.
Enable SSH
Enable/disable your SSH sensor
Enable SFTP
Enable/disable the SFTP functionality
Hostname
Set a hostname for your SSH sensor
Port
Set the desired port
Fake IP
This IP is shown when an attacker looks up the last IP that connected to the Bee
Version
Select the (fake) SSH version for your sensor
Authentication method
Scroll down this page for more information
Session timeout
An attacker will be automatically disconnected after the number of minutes set in this field
Maximal download size
Specify a maximum download size of files
Enable Direct TCP Forwarding
Allow or disallow Direct TCP Forwarding
Authentication method
You can choose between 3 authentication methods:
No authentication
Preset
Random
No authentication
When No authentication is selected, an attacker is always allowed in. The attacker does not have to supply a password and can connect with just a username.
Preset
With Preset you can specify a list of users (and passwords) to accept. This is very useful to fool former employees, for example.
Username
Enter a desired username, for example: pi.
Password
Enter a desired password, for example: raspberry. If you put a ! in front of the desired password, the sensor will not accept that specific password. If you enter only *, it will accept all password combinations for the entered username.
This way you can add multiple entries, for example:
Username: pi
Password: *
Username: pi
Password: !raspberry
The example above will accept all passwords for the user pi, except for the password raspberry.
Random
Choose this method if you want to let an attacker in after a random number of login attempts. The successful login attempt is cached, so the same details are accepted immediately next time.
Minimal N authentication attempts
Specify the minimum number of login attempts an attacker has to make.
Maximal N authentication attempts
Specify the maximum number of login attempts an attacker has to make.
Cache N authentication attempts
Specify the number of attempts your honeypot has to remember.
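The Preset and Random login decisions described above, modelled in Python as an added example (this is not the sensor's own code). The names preset_accepts and RandomAuth, per-client attempt counting, and the rule that a ! entry overrides * and grants nothing by itself are assumptions.

```python
import random

# Constructed sample: the two entries from the Preset example above.
PI_ENTRIES = [("pi", "*"), ("pi", "!raspberry")]

def preset_accepts(entries, username, password):
    """Preset: entries are (username, rule) pairs; a rule is a literal
    password, "*" (any password) or "!pw" (never accept pw).
    Assumptions: a "!" rule overrides every other rule for that user,
    and a "!" rule on its own does not grant access to anything."""
    rules = [rule for user, rule in entries if user == username]
    if any(r.startswith("!") and r[1:] == password for r in rules):
        return False
    return any(not r.startswith("!") and r in ("*", password) for r in rules)

class RandomAuth:
    """Random: a client is let in on a randomly chosen attempt between
    `minimum` and `maximum`; credentials that succeeded are cached and
    accepted immediately afterwards. Assumptions: attempts are counted
    per client address and the cache holds the last `cache_size` pairs."""

    def __init__(self, minimum, maximum, cache_size, rng=None):
        self.minimum, self.maximum, self.cache_size = minimum, maximum, cache_size
        self.rng = rng or random.Random()
        self.cache = []      # most recent successful (username, password) pairs
        self.pending = {}    # client -> [attempts made, attempt that succeeds]

    def attempt(self, client, username, password):
        cred = (username, password)
        if cred in self.cache:
            return True                      # cached login: accept at once
        state = self.pending.setdefault(
            client, [0, self.rng.randint(self.minimum, self.maximum)])
        state[0] += 1
        if state[0] < state[1]:
            return False                     # threshold not reached yet
        del self.pending[client]
        if self.cache_size > 0:              # keep only the newest entries
            self.cache = (self.cache + [cred])[-self.cache_size:]
        return True
```

When reviewing dashboard events, a login that succeeds on its first attempt under the Random method means the credentials were already cached from an earlier session.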