's bl.aagh

BSD, Ruby, Rust, Rambling


An async Rust SSH tarpit


tarssh is an SSH tarpit — a server that trickles an endlessly repeating introductory banner to clients for as long as they remain connected, in order to expend the resources of attackers.

It's based on the same concept as Chris Wellons' Endlessh, a similar service written in C.

Tarssh is my first Rust program using Tokio, an asynchronous runtime for building highly scalable event-driven programs on top of kqueue, epoll and similar APIs through Rust's Futures API.

It's a bit fiddly, requiring slightly awkward method chaining, the taming of increasingly spectacular type errors, as well as the navigation of some occasionally ropey documentation, but I'm quite pleased with the result:

-% tarssh -v --disable-timestamp &
[INFO  tarssh] listen, addr:
[INFO  tarssh] privdrop, enabled: false
[INFO  tarssh] sandbox, enabled: true
[INFO  tarssh] start, servers: 1, max_clients: 4096, delay: 10s, timeout: 30s
-% telnet 0 2222
[INFO  tarssh] connect, peer:, clients: 1
Connected to 0.
Escape character is '^]'.
My name is Yon Yonson
I liv^]
telnet> close
Connection closed.
-% [INFO  tarssh] disconnect, peer:, duration: 40.02s, error: Broken pipe (os error 32), clients: 0

As of writing this, I have had three servers running for approximately 48 hours, and have thus far trapped over 400 clients (about 10% of the total) for at least an hour of Yon Yonson's riveting tale.
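The trickle loop behind a tarpit like this, as an added example that is not tarssh's own code: it uses only the standard library with one thread per client instead of Tokio, and has no client cap, privilege drop or sandbox. The banner text beyond what the transcript shows, the 4-byte chunk size, the loopback bind address, the function names and the use of the 30s value as a socket write timeout are assumptions; the 10s delay is the one in the startup log.

```rust
use std::io::{self, Write};
use std::{net::TcpListener, thread, time::{Duration, Instant}};

// Constructed sample banner. RFC 4253 section 4.2 allows a server to send lines
// before its version string, provided none of them begins with "SSH-".
const BANNER: &[&str] = &["My name is Yon Yonson\r\n", "I live in Wisconsin\r\n"];

/// True if every line is CRLF-terminated and cannot be mistaken for a version string.
fn banner_is_valid() -> bool {
    BANNER.iter().all(|l| l.ends_with("\r\n") && !l.starts_with("SSH-"))
}

/// Endless iterator over `chunk`-byte pieces of the banner, wrapping at the end.
fn banner_chunks(chunk: usize) -> impl Iterator<Item = Vec<u8>> {
    let text = BANNER.concat().into_bytes();
    let mut pos = 0;
    std::iter::repeat_with(move || {
        let piece: Vec<u8> = (0..chunk).map(|i| text[(pos + i) % text.len()]).collect();
        pos = (pos + chunk) % text.len();
        piece
    })
}

/// Trickle the banner until a write fails or `limit` chunks are sent; returns (bytes, time held).
fn tarpit<W: Write>(mut client: W, delay: Duration, chunk: usize, limit: usize) -> (usize, Duration) {
    let (start, mut sent) = (Instant::now(), 0);
    for data in banner_chunks(chunk).take(limit) {
        thread::sleep(delay);
        if client.write_all(&data).and_then(|_| client.flush()).is_err() {
            break; // e.g. "Broken pipe": the peer hung up, or the write timed out
        }
        sent += data.len();
    }
    (sent, start.elapsed())
}

fn main() -> io::Result<()> {
    assert!(banner_is_valid());
    let listener = TcpListener::bind("127.0.0.1:2222")?; // loopback only (assumption)
    for stream in listener.incoming().flatten() {
        thread::spawn(move || {
            let peer = stream.peer_addr().ok();
            // Without a write timeout, a peer that stops reading pins this thread forever.
            stream.set_write_timeout(Some(Duration::from_secs(30))).ok();
            let (sent, held) = tarpit(stream, Duration::from_secs(10), 4, usize::MAX);
            println!("disconnect, peer: {:?}, bytes: {}, duration: {:.2?}", peer, sent, held);
        });
    }
    Ok(())
}
```

Each trapped client costs a whole thread here, which is the overhead an event-driven runtime avoids when thousands of connections are held open.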