Data collection and SSH Honeypot not working

Hello,
it looks like the data in “Data from your router” have not been updated since 11 October, and the SSH Honeypot is also not receiving any new data.

Turris omnia, TurrisOS 4.0.1

It looks like the Honeypot is not working at all; if I try to SSH to my public IP, the port is closed.

Can someone from the Turris team answer the following questions?

  1. Is SSH honeypot working in TOS4?
  2. Is data collection working in TOS4?

  1. It works, but you have to register the device manually on https://haas.nic.cz and add the device token to /etc/config/haas.
  2. It works, but it is not available to end users. It will be reintroduced. The only currently easily available component is the dynamic firewall, which is installed and automatically activated when you enable the data collection package list in the updater tab in Foris.
2 Likes

Thanks. If I have already registered the Omnia with TO3, can I somehow get the token? Or do I need to start from scratch?

Yes, you need to log in to the Honeypot as a Service website, and after logging in you can see your devices there. Find the device you used in the past and click on Device settings next to it. Now you can see the token; copy it and paste it into the configuration file /etc/config/haas, which you can find on your router.

If you would like to start from scratch, just create a new device.

1 Like

I am on a MOX class with Turris 4.05, mainly configured through LuCI.

How do I know that the SSH Honeypot is working?
I have entered the token, but this does not change anything on the honeypot as a service webpage?

In the config file there is also a special firewall zone mentioned. I don’t have that zone. Do I need to set it up? There must be some firewall rules for the honeypot, right? I don’t see any.

I don’t have a MOX, but I suppose it should be the same as on my Omnia.

Can you see your device on page https://haas.nic.cz/devices/?

When you click on the name of your device on this page, you can see the history of sessions captured by the SSH Honeypot:

You can check the firewall rules (from port 22 in WAN to port 2525) on the LuCI page “Status -> Firewall” at http://192.168.2.1/cgi-bin/luci/admin/status/iptables (replace 192.168.2.1 with the LAN address of your router) in the chain “zone_wan_prerouting”:

Or you can check the connection to the WAN address of your router at https://sshcheck.com/.
The SSH Honeypot is reported as “SSH-2.0-Twisted” (normal SSH is “SSH-2.0-OpenSSH_7.9” on my Omnia):
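The banner check described in the post above can also be run from any machine outside your own network. This is an added example, not part of the original posts or of the Turris/HaaS code; the function names and result labels are hypothetical, and only the two banner strings come from the thread.

```python
import socket

# Software names taken from the thread: the HaaS proxy identifies as Twisted,
# the router's own SSH daemon as OpenSSH. Version suffixes will differ.
HONEYPOT_MARK = "Twisted"
REAL_SSHD_MARK = "OpenSSH"

def read_ssh_ident(host, port=22, timeout=5.0, max_bytes=4096):
    """Return the server's SSH identification line (RFC 4253, section 4.2).

    A server may send other text lines before the one starting with "SSH-",
    so scan complete lines until it appears. Returns None if it never does.
    """
    with socket.create_connection((host, port), timeout=timeout) as sock:
        buf = b""
        while len(buf) < max_bytes:
            chunk = sock.recv(256)
            if not chunk:
                break
            buf += chunk
            for raw in buf.split(b"\n")[:-1]:  # skip the unfinished last piece
                line = raw.rstrip(b"\r").decode("ascii", "replace")
                if line.startswith("SSH-"):
                    return line
    return None

def classify_ident(ident):
    """Map an identification line to honeypot / real-sshd / unknown / no-ssh."""
    if not ident or not ident.startswith("SSH-"):
        return "no-ssh"
    parts = ident.split(" ", 1)[0].split("-", 2)  # SSH-<proto>-<software>
    software = parts[2] if len(parts) == 3 else ""
    if software.startswith(HONEYPOT_MARK):
        return "honeypot"
    if software.startswith(REAL_SSHD_MARK):
        return "real-sshd"
    return "unknown"

def check_wan_ssh(host, port=22, timeout=5.0):
    """Connect to the WAN address and report what answers on the SSH port."""
    try:
        return classify_ident(read_ssh_ident(host, port, timeout))
    except OSError:  # refused, filtered or timed out
        return "closed"

if __name__ == "__main__":
    import sys
    # Pass the WAN address of your own router as the first argument.
    print(check_wan_ssh(sys.argv[1]) if len(sys.argv) > 1 else "usage: check.py HOST")
```

A result of "closed" or "real-sshd" on the WAN address means the redirect from port 22 to port 2525 is not in effect; "honeypot" means connections are reaching the HaaS proxy.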

Thx @Skippi

I needed to add the forwarding rule manually.
I also connected successfully through a phone.

What is strange though is that the session count does not change. It is still 0 on https://haas.nic.cz/devices/?

Isn’t that updated live?

It is working now!
Sessions are just not updated in real-time.

Captured sessions are updated once per hour. You can see it if you display sessions for your device.
