Kippo is a medium-interaction SSH honeypot. It can log brute-force attacks and track an attacker's interaction with it. In this article I will show how to set up kippo on Ubuntu 10.04.
We won't download the tarball of the latest release. Instead, we will fetch the latest version from the Subversion repository.
If Subversion isn't installed on your system, install it first.
$ sudo apt-get install subversion
Kippo needs the Twisted networking engine, so install that too.
$ sudo apt-get install python-twisted
After this, create a new folder and fetch the latest version from the Subversion repository.
$ mkdir svn
$ cd svn
$ svn checkout http://kippo.googlecode.com/svn/trunk/ kippo-read-only
There is already an example configuration file in the repository, so for the first run just copy kippo.cfg.dist to kippo.cfg.
$ cd kippo-read-only/
$ cp kippo.cfg.dist kippo.cfg
Now you can start kippo by running the start.sh script.
Try to connect to the honeypot. The username is "root" and the password is "123456". To exit the SSH connection, close the console window.
$ ssh -p 2222 root@localhost
Edit the configuration file to fit your needs.