Docker ssh honeypot and ddclient

Recently cleaned house and did a fresh OS install, and when I was about to reinitialize my edge VM I realized that everything I had been using my virtual Debian server for can now be done with Docker.

And then some! Basically, I was using a virtual server as a file share, an SSH gateway, a web server, and as a ddclient with Google Domains.

I also wanted to create a honeypot because I’m always getting spammed. The honeypot is not super-advanced but for now, I get a steady stream of common usernames and passwords. Also, IPs to “investigate.” I’d love to go farther with this, but of course, who has the time?

my honeypot brings all the bots to the yard

ddclient image

I recently came across the linuxserver collection of Docker images, including the one for ddclient. Super easy to set up (just point your image at the ddclient.conf), using something like:

docker run -d --name=ddclient -e PUID=1000 -e PGID=1000 -e TZ=America/New_York -v ./docker/:/config --restart unless-stopped linuxserver/ddclient

Now, my IP stays fresh and the service runs all the time without eating into my resources.

the ssh-honey honeypot

I am using this image: txt3rob/docker-ssh-honey for starters. Now, I’ve NAT’d my external port 22 to point to the machine where the image is running, and I’ve got it exposed on port 2022, so my command looks like this:

docker run -i -p 2022:22 --name=ssh-honey --restart unless-stopped txt3rob/docker-ssh-honey -e bin/ssh-honeypot -b -d
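
To turn that steady stream of usernames, passwords and IPs into something reviewable, here is an added example (not from the original post or from the ssh-honeypot project) that tallies the most frequent source IPs, usernames and credential pairs. It assumes each log line looks like "[timestamp] ip username password"; that layout, the regex and the sample lines are assumptions, so adjust the pattern to what your container actually writes.

```python
import ipaddress
import re
from collections import Counter

# ASSUMED line layout (not taken from the post): "[timestamp] ip username password"
LINE_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\]\s+(?P<ip>\S+)\s+(?P<user>\S+)(?: (?P<pw>.*))?$"
)

# Constructed sample data; addresses are from the RFC 5737 documentation ranges.
SAMPLE_LOG = """\
[Mon Jan  1 00:00:01 2024] 192.0.2.10 root 123456
[Mon Jan  1 00:00:03 2024] 192.0.2.10 root password
[Mon Jan  1 00:00:09 2024] 198.51.100.7 admin admin
[Mon Jan  1 00:01:12 2024] 203.0.113.5 root pass with spaces
[Mon Jan  1 00:01:15 2024] 192.0.2.10 pi raspberry
[Mon Jan  1 00:02:00 2024] 198.51.100.7 root 123456
[Mon Jan  1 00:02:30 2024] 192.0.2.10 oracle
ssh-honeypot started on port 22
"""

def parse_line(line):
    """Return (ip, user, password), or None for lines that do not match."""
    m = LINE_RE.match(line.rstrip("\n"))
    if not m:
        return None
    try:
        ip = str(ipaddress.ip_address(m["ip"]))  # reject junk in the IP field
    except ValueError:
        return None
    # Passwords may contain spaces or be empty; usernames are assumed not to.
    return ip, m["user"], m["pw"] or ""

def summarize(text, top=3):
    """Count attempts per source IP, username and (username, password) pair."""
    ips, users, creds = Counter(), Counter(), Counter()
    skipped = 0
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            skipped += bool(line.strip())  # count non-blank unparsed lines
            continue
        ip, user, pw = rec
        ips[ip] += 1
        users[user] += 1
        creds[(user, pw)] += 1
    return {"ips": ips.most_common(top), "users": users.most_common(top),
            "creds": creds.most_common(top), "skipped": skipped}

if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(key, value)
```

A non-zero "skipped" count is worth a look: it means lines exist that the assumed pattern does not cover.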