Configure SSH sensor

Get started with your SSH sensor.

By default this sensor runs on port 22. This protocol allows the attacker to connect to your bee from a terminal and execute commands. The attacker can interact with the honeypot, which responds as a realistic system would. It is even possible to download files (which will be scanned and shown in your dashboard).

Configure the SSH sensor

By default the SSH sensor is enabled and running on port 22. To fully disable the sensor, click on the dropdown and select no. After clicking the save button it will take a maximum of 5 minutes before the sensor is disabled on your Bee. As mentioned, the SSH sensor runs on port 22 by default because that is the most common default port for SSH servers. It is, however, possible to change the port by specifying the desired port and clicking on the save button.

Enable SSH
Enable/disable your SSH sensor

Enable SFTP
Enable/disable the SFTP functionality

Hostname
Set a hostname for your SSH sensor

Port
Set the desired port

Fake IP
This IP is shown when an attacker looks up the last IP that connected to the bee

Version
Select the (fake) SSH version for your sensor

Authentication method
See the Authentication method section further down this page for more information

Session timeout
An attacker will be automatically disconnected after the number of minutes set in this field

Maximal download size
Specify the maximum size of files that can be downloaded

Enable Direct TCP Forwarding
Allow or disallow Direct TCP Forwarding

Authentication method

You can choose between 3 authentication methods:

  • No authentication

  • Preset

  • Random

No authentication

An attacker will always be allowed in when No authentication is selected. The attacker does not have to specify a password and can connect with a username only.

Preset

With Preset you can specify a list of users (and passwords) to accept. This is very useful to fool former employees, for example.

Username
Enter a desired username, for example: pi.

Password
Enter a desired password, for example: raspberry. If you put a ! in front of the desired password, the sensor will not accept that specific password. If you enter only *, it will accept all passwords for the entered username.

This way you can add multiple entries, for example:

  • Username: pi
    Password: *

  • Username: pi
    Password: !raspberry

The example above will accept all passwords for the user pi, except for the password raspberry.
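To check a Preset list before saving it, the rules above can be modelled offline. The following is an added example, not code from the sensor itself: the function names and the backup/Winter2019 entry are constructed for illustration, and it assumes that a ! entry wins over a * or exact entry for the same user regardless of list order (which matches the pi example above) and that a user with only ! entries is never accepted.

```python
# Added example: models the Preset rules described on this page.
# Assumption: a "!" (reject) entry wins over a "*" or exact entry for the
# same user regardless of list order, which matches the page's pi example.
# Assumption: a user that has only "!" entries is never accepted.


def preset_accepts(rules, username, password):
    """Return True if a login would be accepted under `rules`.

    rules: list of (username, pattern) tuples, where pattern is an exact
    password, "*" (any password) or "!<password>" (reject this password).
    """
    patterns = [pat for user, pat in rules if user == username]
    # Reject entries are evaluated first so they override "*".
    for pat in patterns:
        if len(pat) > 1 and pat.startswith("!") and pat[1:] == password:
            return False
    for pat in patterns:
        if pat.startswith("!"):
            continue
        if pat == "*" or pat == password:
            return True
    # Unknown user, or no accepting entry matched.
    return False


def audit(rules, candidates):
    """Map each (username, password) candidate to accept (True) or reject."""
    return {cred: preset_accepts(rules, *cred) for cred in candidates}


# Constructed sample: the two pi entries from the page plus one
# hypothetical exact-match entry.
RULES = [("pi", "*"), ("pi", "!raspberry"), ("backup", "Winter2019")]
CANDIDATES = [
    ("pi", "raspberry"), ("pi", "toor"),
    ("backup", "Winter2019"), ("backup", "guess"), ("root", "root"),
]

if __name__ == "__main__":
    for (user, pw), ok in audit(RULES, CANDIDATES).items():
        print(f"{user!r:10} {pw!r:14} -> {'accept' if ok else 'reject'}")
```

Running the audit over the credentials you expect to see confirms that only the logins you intend will get a session.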

Random

You can choose this method if you want to let an attacker in after a random number of login attempts. It will cache the successful login attempt so it will accept the same details immediately next time.

Minimal N authentication attempts
Specify the minimum number of login attempts an attacker has to make.

Maximal N authentication attempts
Specify the maximum number of login attempts an attacker should have to make.

Cache N authentication attempts
Specify the number of attempts your honeypot has to remember.
