Question

How To Set Up an Endlessh Tarpit on Ubuntu 22.04

Posted on February 11, 2025
Security UNIX/Linux
Asked by jairunet

I was able to complete the tutorial https://www.digitalocean.com/community/tutorials/how-to-set-up-an-endlessh-tarpit-on-ubuntu-22-04 and the two programs seems to be running fail2ban + endlessh, my question is, how can I better test / verify the usage or demonstrate the functionality myself running it internally and externally. Thank you in advance,

Submit an answer

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

KFSys

Site Moderator

• February 12, 2025

Heya,

Since Endlessh is a tarpit for SSH attacks, you can test its functionality by attempting to SSH into your own server where it’s running.

From the same machine where Endlessh is running, try to SSH into it using a separate terminal:

ssh -vvv localhost -p 2222

Replace 2222 with the port where Endlessh is running if it’s different.
The -vvv flag enables verbose output to see what’s happening.

Expected Behavior

The SSH attempt should hang indefinitely and never fully establish a connection.
If the connection times out or gets stuck for a long time without showing a login prompt, Endlessh is working as expected.

To verify how external attackers might experience Endlessh, try to SSH from a different machine or another server. From a different machine (e.g., another VPS, home computer, or a friend’s machine), run: