
Unable to proxy into sshd docker container.

Open pumperknickle opened this issue 6 years ago • 2 comments

I am using a forward director with an ssh-proxy service pointing to a Docker container running an sshd. When I try to enter the password as root, I receive a Permission Denied error. I can log in to the container when I go around the proxy and ssh into the container itself. SSH auth, however, works fine when connecting to cowrie instead of the sshd container.

pumperknickle, Sep 14 '19 02:09

```yaml
version: '3.2'

services:

  elasticsearch:
    image: docker.elastic.co/elasticsearch/elasticsearch:5.6.10
    container_name: ht-elasticsearch
    ports:
      - "127.0.0.1:9200:9200"
    volumes:
      - ./data/elasticsearch/data:/usr/share/elasticsearch/data
    environment:
      - "ES_JAVA_OPTS=-Xms2048m -Xmx2048m"
      - xpack.security.enabled=false
    restart: on-failure
    ulimits:
      memlock:
        soft: -1
        hard: -1
      nofile:
        soft: 65536
        hard: 65536
    cap_add:
      - IPC_LOCK
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:9200"]
    networks:
      - honeytrap

  kibana:
    image: docker.elastic.co/kibana/kibana:5.6.9
    container_name: ht-kibana
    ports:
      - "127.0.0.1:5601:5601"
    environment:
      - XPACK_SECURITY_ENABLED=false
    depends_on:
      - elasticsearch
    networks:
      - honeytrap

  cowrie:
    image: cowrie/cowrie:latest
    container_name: ht-cowrie
    ports:
      - "127.0.0.1:2222:2222"
    networks:
      - honeytrap

  sshd:
    image: rastasheep/ubuntu-sshd:16.04
    container_name: ht-sshd
    ports:
      - "127.0.0.1:2223:22"
    networks:
      - honeytrap

  honeytrap:
    image: honeytrap/honeytrap:latest
    container_name: honeytrap
    ports:
      - "8545:8545"
      - "8022:8022"
      - "8023:8023"
    volumes:
      - ./config.toml:/config/config.toml
    restart: on-failure
    depends_on:
      - elasticsearch
      - cowrie
    networks:
      - honeytrap

networks:
  honeytrap:
    external: true
```

pumperknickle, Sep 14 '19 02:09

```toml
[listener]
type="socket"

[director.cowrie-ssh]
type="forward"
host="cowrie:2222"

[director.sshd]
type="forward"
host="sshd:2223"

[service.sshproxy1]
type="ssh-proxy"
director="cowrie-ssh"
credentials=["*"]

[[port]]
port="tcp/8022"
services=["sshproxy1"]

[service.sshproxy2]
type="ssh-proxy"
director="sshd"
credentials=["root"]

[[port]]
port="tcp/8023"
services=["sshproxy2"]

[service.ethereum]
type="ethereum"

[[port]]
port="tcp/8545"
services=["ethereum"]

[channel.console]
type="console"

[channel.elasticsearch]
type="elasticsearch"
url="http://elasticsearch:9200/honeytrap"

[[filter]]
channel=["console", "elasticsearch"]

[[logging]]
output = "stdout"
level = "debug"
```

pumperknickle, Sep 14 '19 02:09