Hello,
Since a few days I am testing my TO. I am stuck on the honeypot function. What did I do:
- made sure I can ssh from inside TO network to TO both lan and wan side
- made sure I cannot ssh from outside TO network to TO wan side
- installed ‘ssh honeypot’ in foris under updater
- checked all boxes in foris under ‘data collection’
- in luci under network/firewall made a port forward
source zone: wan
source ip: any
source port: empty
external ip: 192.168.1.137 (wan side TO)
external port: 10022 - made sure I can ssh from outside TO network to TO wan side:
$ ssh -p 10022 root@192.168.1.137
(succeeds) - if I now try to ssh from outside TO network to TO on port 22:
Finally I got results in
$ ssh -p 22 root@192.168.1.137
I am asked for a password and after I fill in any password I get: ‘Connection to 192.168.1.137 closed’
I presume this is the reaction the ssh honeypot gives !? Did this regularly the last few days, so I presume I activated the honeypot this way.
If I check these two urls:
https://project.turris.cz/en/data/xxxx/show#/ssh/
under ‘Data sending outages’ gives ‘0 h’
https://haas.nic.cz/device/xxxx/sessions
under ‘Router 1’ gives ‘No sessions in specified interval’. Nothing to see there.
Can anybody point me to what I am missing ?
[Update, answer my own question]
I finally get some input in haas.nic.cz. It turns out that mostly an login attempts get a ‘connection closed’ which does not result into input in haas. Once in a while an attempts succeeds and results into input in haas.