Kippo is a medium interaction SSH honeypot designed to log brute force attacks and, most importantly, the entire shell interaction performed by the attacker. Kippo is inspired by, but not based on, Kojoney.
Website: http://code.google.com/p/kippo/
Installing Kippo: (Ubuntu)
All dependencies should be covered via the following command:
$ sudo apt-get install python-twisted
Get source code:
$ svn checkout http://kippo.googlecode.com/svn/trunk/ kippo
Running Kippo on port 22 instead of the default port 2222.
(Credits: Pedro H. Matheus)
Create a user “kippo” that belongs to the group “kippo”.
Install authbind
$ sudo apt-get install authbind
Next, as root:
# touch /etc/authbind/byport/22
# chown kippo:kippo /etc/authbind/byport/22
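# chmod 500 /etc/authbind/byport/22
(authbind only tests whether the calling user can execute this file, so owner-only mode 500 is enough for the kippo user; mode 777 would let any local user bind port 22 through authbind.)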
Now, as the kippo user, change the line in start.sh from:
twistd -y kippo.tac -l log/kippo.log --pidfile kippo.pid
to:
authbind --deep twistd -y kippo.tac -l log/kippo.log --pidfile kippo.pid
Don't forget to change the port in kippo.cfg to 22 🙂
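A check of the resulting setup, as an added example (not part of the original post or of Kippo): it confirms the authbind port file is owned and executable by the honeypot user, reports when group or others can execute it as well, and confirms start.sh launches twistd through authbind --deep. The function names and return codes are made up for this example; the paths are passed in as arguments.

```shell
#!/bin/sh
# Added example: verify an authbind setup for a honeypot on a privileged port.
# Return codes (chosen for this example): 0 ok, 1 port file missing,
# 2 not owned/executable by the given user, 3 group or other can execute it,
# 4 start script does not launch twistd through "authbind --deep".

check_authbind_port() {
    # $1 = byport directory, $2 = port, $3 = user (name or uid) allowed to bind
    f="$1/$2"
    [ -e "$f" ] || { echo "missing: $f"; return 1; }
    # authbind authorizes the bind when the calling user has execute access.
    if [ -z "$(find "$f" -prune -user "$3" -perm -0100)" ]; then
        echo "$f is not owned and executable by $3"; return 2
    fi
    # Execute bits for group or other extend that grant to more accounts.
    if [ -n "$(find "$f" -prune \( -perm -0010 -o -perm -0001 \))" ]; then
        echo "$f is executable by group/other"; return 3
    fi
    return 0
}

check_start_script() {
    # $1 = path to start.sh
    grep -Eq '^[[:space:]]*authbind[[:space:]]+--deep[[:space:]]+twistd' "$1" && return 0
    echo "$1 does not start twistd via authbind --deep"; return 4
}
```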
Extra Commands by Bas Stottelaar
# git clone https://github.com/basilfx/kippo-commands.git kippo-commands