HaaS ssh-rsa signature scheme

I use HaaS on my Turris, I am on HBK. I realized that the service needs an update. In fact, the Twisted implementation of HaaS currently uses the ssh-rsa signature scheme. Since the scheme has been deprecated since OpenSSH version 8.8, our poor hacker bots can no longer complete the attack, because unless special configurations manually enable ssh-rsa, negotiation fails and the hacker is thrown out. This defeats the purpose of the honeypot, which in our case should record, in addition to the attacker’s IP address and username and password, any commands given. On the Honeypot as a Service - Login to HaaS page my device shows 280 login attempts, but only two successful ones, although HaaS facilitates with credentials any form of attack. I hope this is taken into consideration.

3 Likes

I’m not sure if you are interpreting the cause of failed logins to the HaaS honeypot correctly.

A successful attempt to log into the honeypot requires a login name from a specific group of login names, not just any login name. If an attacker uses an “incorrect login name”, it is rejected.

You can test it yourself with a machine running OpenSSH 8.8 and up. Even if you enter the root username and the root or admin password, or the usual ones accepted by HaaS, you will get an incompatibility error for key negotiation. By adding the -o PubkeyAcceptedKeyTypes=+ssh-rsa option to the ssh command, the connection will be successful.

userauth_pubkey: key type ssh-rsa not in PubkeyAcceptedAlgorithms [preauth]

Such an error seems explicit to me; it does not refer to incorrect credentials.
Implementations other than OpenSSH might safely allow you to log in.

1 Like
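The two causes debated in this thread, a rejected algorithm versus rejected credentials, leave different messages in OpenSSH output. As an added example (not part of any post here and not HaaS code), this script sorts OpenSSH-format client or sshd lines by cause; it assumes the log uses OpenSSH's message wording, and the sample lines are constructed except for the `userauth_pubkey` line quoted above.

```python
import re
from collections import Counter

# OpenSSH message shapes, checked in order; the first match wins.
PATTERNS = [
    # Algorithm negotiation failed before any credential was evaluated.
    ("algorithm", re.compile(
        r"Unable to negotiate with \S+ port \d+: no matching "
        r"(host key type|key exchange method|cipher|MAC) found")),
    # Public key algorithm refused (the line quoted in the thread).
    ("algorithm", re.compile(r"key type \S+ not in PubkeyAcceptedAlgorithms")),
    # Credentials were evaluated and rejected.
    ("credentials", re.compile(
        r"Failed (password|publickey|keyboard-interactive/pam) for ")),
    ("credentials", re.compile(r"Permission denied")),
    ("success", re.compile(r"Accepted (password|publickey) for ")),
]

def classify(line):
    """Return the failure class of one log or client output line."""
    for label, pattern in PATTERNS:
        if pattern.search(line):
            return label
    return "other"

def summarize(lines):
    """Count lines per class, ignoring blank lines."""
    return Counter(classify(l) for l in lines if l.strip())

# Constructed sample input (documentation IP ranges), not real HaaS data.
SAMPLE = [
    "Unable to negotiate with 192.0.2.10 port 22: no matching host key type"
    " found. Their offer: ssh-rsa",
    "userauth_pubkey: key type ssh-rsa not in PubkeyAcceptedAlgorithms [preauth]",
    "Failed password for root from 198.51.100.7 port 40122 ssh2",
    "Failed password for invalid user guest from 198.51.100.7 port 40123 ssh2",
    "Accepted password for root from 203.0.113.5 port 51514 ssh2",
    "Connection closed by 203.0.113.5 port 51514 [preauth]",
]

if __name__ == "__main__":
    for label, count in sorted(summarize(SAMPLE).items()):
        print(f"{label:12} {count}")
```

A high share of `algorithm` lines points at signature or key exchange support, while `credentials` lines mean the session got as far as authentication.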

Hmmm … I have HBS 6.2.0 default without any changes in SSH and the mentioned login takes place without any problem … My response is that of an ignoramus.

Installed SW is ver 8.4

In fact, the incompatibility is for the version installed on the attacker’s machine and not on the Turris device. I too have 6.2.0 without any modification. How do you try to connect? What version of ssh do you have on your computer? Have you tried connecting from an external network to the public IP address assigned to the router?

I don’t know my SSH version, it is the current Windows 10 (22H2 build 19045.2364). I connected from my home LAN to an external IP with Bitvise Client 8.53