
author Jordan Doyle <jordan@doyle.la> 2023-06-25 16:12:34.0 +00:00:00
committer Jordan Doyle <jordan@doyle.la> 2023-06-25 16:12:37.0 +00:00:00
commit
c7068ca36462d8c8f3464e874226d3ad763564eb [patch]
tree
01e619f4adba56b23b7e850697a02a9929675b2b
parent
6e1b423f11e391570f077c62124365dcfa28598c

Opt for a stealthier server-id string that doesn't mention thrussh



Diff

 src/config.rs | 24 ++++++++++++++++++++++++
 src/main.rs   |  1 +
 2 files changed, 25 insertions(+)

diff --git a/src/config.rs b/src/config.rs
index 0f848a6..753d8eb 100644
--- a/src/config.rs
+++ b/src/config.rs
@@ -30,13 +30,37 @@ impl Args {
#[serde(rename_all = "kebab-case")]
pub struct Config {
    /// Address for the server to listen on.
    #[serde(default = "Config::default_listen_address")]
    pub listen_address: SocketAddr,
    /// The probability that an authentication attempt will succeed, once a given password
    /// has been accepted once - it will be accepted for the rest of the lifetime of the
    /// instance.
    #[serde(default = "Config::default_access_probability")]
    pub access_probability: f64,
    /// Path of the file to write audit logs to.
    #[serde(default = "Config::default_audit_output_file")]
    pub audit_output_file: PathBuf,
    /// The server ID string sent at the beginning of the SSH connection.
    #[serde(default = "Config::default_server_id")]
    pub server_id: String,
}

impl Config {
    fn default_listen_address() -> SocketAddr {
        "0.0.0.0:22".parse().unwrap()
    }

    fn default_access_probability() -> f64 {
        0.2
    }

    fn default_audit_output_file() -> PathBuf {
        "/var/log/pisshoff/audit.log".parse().unwrap()
    }

    fn default_server_id() -> String {
        "SSH-2.0-OpenSSH_9.3".to_string()
    }
}

fn load_config<T: DeserializeOwned>(path: &str) -> Result<Arc<T>, std::io::Error> {
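Review bot: The new `server_id` field is read straight from the config file with no check that it is a valid SSH identification string (RFC 4253 §4.2: begins with `SSH-2.0-`, at most 255 bytes including CR LF, no NUL, CR or LF), so a mis-set value yields a malformed version exchange that clients reject before any authentication attempt is ever recorded. A validation step after deserialization would catch this early; `load_config` is the natural place, though its body lies outside the hunk. The field's doc comment should also state the constraint, e.g. `/// Must start with "SSH-2.0-" and contain no CR/LF (RFC 4253 §4.2); clients reject anything else.` A comment on `default_server_id` is worth adding too, since the banner presumably does not alter the algorithm lists the server advertises afterwards, so operators should not take the OpenSSH-looking string as a complete disguise. Separately, `default_audit_output_file` reaches `PathBuf` via `parse().unwrap()`; `PathBuf::from("/var/log/pisshoff/audit.log")` is the direct form and drops the `unwrap`.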
diff --git a/src/main.rs b/src/main.rs
index 1c45609..d53ac86 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -45,6 +45,7 @@ async fn run() -> anyhow::Result<()> {
    let keys = vec![thrussh_keys::key::KeyPair::generate_ed25519().unwrap()];

    let thrussh_config = Arc::new(thrussh::server::Config {
        server_id: args.config.server_id.to_string(),
        methods: MethodSet::PASSWORD | MethodSet::PUBLICKEY | MethodSet::KEYBOARD_INTERACTIVE,
        keys,
        auth_rejection_time: std::time::Duration::from_secs(1),
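Review bot: The added `server_id: args.config.server_id.to_string(),` calls `to_string()` on a value that is already a `String`, so the copy is produced by going through `Display` rather than by a plain clone. `server_id: args.config.server_id.clone(),` is the idiomatic spelling and makes the intent (an explicit copy out of a shared config) visible; a move is presumably not possible here if `args.config` is shared behind an `Arc`, which the hunk does not show. `run()`'s body continues outside the hunk.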