7MS #173: DIY SSH Honeypot with Kippo

Interested in having some fun with Kippo (an SSH honeypot) on your Digital Ocean server? Here's a super fast getting started guide based on this doc:

• Do an apt-get update && apt-get upgrade
• Open etc/ssh/sshd_config
• Change the port to be some odd port you want to use for legit SSH management, like 9999 or 1357.
• Restart ssh with reload ssh
• Install Kippo dependencies with apt-get install python-dev openssl python-openssl python-pyasn1 python-twisted
• Get subversion to install kippo with apt-get install subversion
• Create kippo user with useradd -d /home/kippo -s /bin/bash -m kippo -g sudo
• Install authbind with apt-get install authbind
• Create a file called /etc/authbind/byport/22
• Set ownership on it with chown kippo /etc/authbind/byport/22
• Change permissions on it with chmod 777 /etc/authbind/byport/22
• Change to the kippo user with su kippo
• Hit cd to go to kippo home dir.
• Download kippo SVN with svn checkout http://kippo.googlecode.com/svn/trunk/ ./kippo
• cd to kippo dir with cd kippo
• Move and rename default config file with mv kippo.cfg.dist kippo.cfg and then open it
• Change the ssh_port from 2222 to 22
• Start the kippo service with ./start.sh
• Start tailing the /home/kippo/kippo/log/kippo.log file to see authentication attempts!

More to come. From here I want to get the mysql part setup so I can more easily query the auth attempts being made. I'm also interested in setting up a legit kippo user so I can see what terminal commands a bad guy might use upon "hacking" into my network.