HaaS - SSH Honeypot setup help

iron-maiden · January 2, 2022, 9:50pm

Hello,

Trying to setup SSH minipot, couldn’t find a complete guide, so are the steps below correct? Do I need something more?

Change the sshd port to something else than 22 and restart sshd.
Install Haas, set the token from haas.nic.cz
Enable firewall rule “wan_ssh_turris_rule”, thats the predefined rule to accept 22 from wan
Additionally add port redirecting to sshd port if you need to connect to the router(ssh) from wan, actually this point I don’t understand, if sshd listens on another port I should add new rule to accept on that port, otherwise if sshd listens on 22 how will it work since it is routed to the haas-proxy.
Restart firewall.

Many Thanks in advance.

AdrianH · January 3, 2022, 6:19am

It would be a good idea to tell us what device and firmware version you are running.

On my Omnia 2020 setting up the honeypot is a simple matter of clicking a couple of radio buttons on the GUI.

JardaB · January 3, 2022, 10:28am

I thing if point 3. Enable firewall rule “wan_ssh_turris_rule”, thats the predefined rule to accept 22 from wan is not need. The HaaS installation will create the necessary rules itself (proxy)

If you use WAN access to SSH (point 4) you will redirect for example port 2222 to 22. It is not necessary if you do not use it (it is potentially dangerous)

iron-maiden · January 3, 2022, 11:09am

It is TO-2020 (5.3.3)

I installed Haas from reForis and set the token which I received from haas.nic.cz but it didn’t work until I enable “wan_ssh_turris_rule” from Luci (can be done from cmd line also) and restart firewall.

I was expecting just installing Haas and setting token would automatically work that’s why I m asking.

Edit:

@JardaB This NAT Prerouting rule is created when I enable “wan_ssh_turris_rule”, if I disable it is removed, so just installing Haas and setting token doesn’t create the needed NAT rule.

iron-maiden · January 3, 2022, 2:21pm

Correction to above:
That NAT Prerouting rule is created when restarting the firewall (checked firewall scripts).

Regarding “wan_ssh_turris_rule” it seems it is not needed for Haas.

Just don’t forget to restart firewall after initial install/setup of Haas, that was the issue why not worked.

system · January 6, 2022, 1:53pm

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.