1ENDLESSH(1) BSD General Commands Manual ENDLESSH(1)
2
4 endless — An SSH tarpit
5
7 endless [-46chsvV] [-d delay] [-f config] [-l max banner length]
8 [-m max clients] [-p port]
9
11 endless is an SSH tarpit that very slowly sends an endless, random SSH
12 banner.
13 endless keeps SSH clients locked up for hours or even days at a time.
15 The purpose is to put your real SSH server on another port and then let
16 the script kiddies get stuck in this tarpit instead of bothering a real
17 server.
18 Since the tarpit is in the banner before any cryptographic exchange
20 occurs, this program doesn't depend on any cryptographic libraries. It's
21 a simple, single-threaded, standalone C program. It uses poll() to trap
22 multiple clients at a time.
23 The options are as follows:
25 -4 Forces endless to use IPv4 addresses only.
27 -6 Forces endless to use IPv6 addresses only.
29 -d delay
31 Message milliseconds delay. Default: 10000
32 -f config
34 Set and load config file. By default endless looks for /etc/end‐
35 lessh/config.
36 -h Print the help message and exit.
38 -l max banner length
40 Maximum banner line length (3-255). Default: 32
41 -m max clients
43 Maximum number of clients. Default: 4096
44 -p port
46 Set the listening port. By default endless listens on port 2222.
47 -s Print diagnostics to syslog. By default endless prints them to
49 standard output.
50 -v Print diagnostics. Can be specified up to twice to increase ver‐
52 bosity.
53 -V Causes endless to print version information and exit.
55 If endless receives the SIGTERM signal it will gracefully shut down the
57 daemon, allowing it to write a complete, consistent log.
58 A SIGHUP signal requests a reload of its configuration file.
60 A SIGUSR1 signal will print connections stats to the log.
62
64 /etc/endlessh/config The default endless configuration file.
65BSD January 29, 2020 BSD