update ssh config

CHANGELOG.md

@@ -1,4 +1,4 @@
-
+* 2017-03-15 SSH Forwarding/SFTP/keys/version config have been moved to [ssh]. Change your config file!
 * 2017-02-12 Implemented toggle for SSH forwarding
 * 2016-08-22 Merged Telnet support by @obilodeau!
 * 2016-08-20 Update your libraries! 'configparser' now required: "pip install configparser"

cowrie.cfg.dist

@@ -165,19 +165,27 @@ auth_class = UserDB
 # historical options in [honeypot] that have not yet been moved to [ssh]
 # ============================================================================
 
-
-# IP addresses to listen for incoming SSH connections.
-#
-# (default: 0.0.0.0) = any IPv4 address
-#listen_addr = 0.0.0.0
-# (use :: for listen to all IPv6 and IPv4 addresses)
-#listen_addr = ::
+# Source Port to report in logs (useful if you use iptables to forward ports to Cowrie)
+#reported_ssh_port = 22
 
 
-# Port to listen for incoming SSH connections.
-#
-# (default: 2222)
-#listen_port = 2222
+
+# ============================================================================
+# SSH Specific Options
+# ============================================================================
+[ssh]
+
+# Enable SSH support
+# (default: true)
+enabled = true
+
+
+# Public and private SSH key files. If these don't exist, they are created
+# automatically.
+rsa_public_key = etc/ssh_host_rsa_key.pub
+rsa_private_key = etc/ssh_host_rsa_key
+dsa_public_key = etc/ssh_host_dsa_key.pub
+dsa_private_key = etc/ssh_host_dsa_key
 
 
 # SSH Version String
@@ -205,36 +213,46 @@ auth_class = UserDB
 # SSH-2.0-OpenSSH_5.9
 #
 # (default: "SSH-2.0-SSH-2.0-OpenSSH_6.0p1 Debian-4+deb7u2")
-ssh_version_string = SSH-2.0-OpenSSH_6.0p1 Debian-4+deb7u2
+version = SSH-2.0-OpenSSH_6.0p1 Debian-4+deb7u2
 
 
-# Source Port to report in logs (useful if you use iptables to forward ports to Cowrie)
-#reported_ssh_port = 22
+# IP addresses to listen for incoming SSH connections.
+#
+# (default: 0.0.0.0) = any IPv4 address
+#listen_addr = 0.0.0.0
+# (use :: for listen to all IPv6 and IPv4 addresses)
+#listen_addr = ::
 
 
-# Public and private SSH key files. If these don't exist, they are created
-# automatically.
-rsa_public_key = data/ssh_host_rsa_key.pub
-rsa_private_key = data/ssh_host_rsa_key
-dsa_public_key = data/ssh_host_dsa_key.pub
-dsa_private_key = data/ssh_host_dsa_key
+# Port to listen for incoming SSH connections.
+#
+# (default: 2222)
+#listen_port = 2222
 
 
 # sftp_enabled enables the sftp subsystem
 sftp_enabled = true
 
 
-# SSH forwarding
-# Useful for forwarding protocols to other honeypots
+# Enable SSH direct-tcpip forwarding
+# (default: true)
+forwarding = true
+
 
 # This enables redirecting forwarding requests to another address
-ssh_forward_redirect = false
+# Useful for forwarding protocols to other honeypots
 # (default: false)
+forward_redirect = false
 
+
+# Configure where to forward the data to.
 # forward_redirect_<portnumber> = <redirect ip>:<redirect port>
-forward_redirect_80 = 127.0.0.1:8080
+
+# Redirect http/https
+forward_redirect_80 = 127.0.0.1:8000
 forward_redirect_443 = 127.0.0.1:8443
-# If you want to record SMTP traffic, install SMTP honeypoint.
+
+# To record SMTP traffic, install an SMTP honeypoint.
 # (e.g https://github.com/awhitehatter/mailoney), run
 # python mailoney.py -s yahoo.com -t schizo_open_relay -p 12525
 forward_redirect_25 = 127.0.0.1:12525
@@ -242,22 +260,6 @@ forward_redirect_587 = 127.0.0.1:12525
 
 
 
-# ============================================================================
-# SSH Specific Options
-# ============================================================================
-[ssh]
-
-# Enable SSH support
-# (default: true)
-enabled = true
-
-
-# Enable SSH direct-tcpip forwarding
-# (default: true)
-forwarding = true
-
-
-
 # ============================================================================
 # Telnet Specific Options
 # ============================================================================

cowrie/core/avatar.py

@@ -43,7 +43,7 @@ class CowrieUser(avatar.ConchUser):
 
         # SFTP support enabled only when option is explicitly set
         try:
-            if self.cfg.getboolean('honeypot', 'sftp_enabled') == True:
+            if self.cfg.getboolean('ssh', 'sftp_enabled') == True:
                 self.subsystemLookup['sftp'] = conchfiletransfer.FileTransferServer
         except ValueError as e:
             pass

cowrie/core/keys.py

@@ -14,8 +14,8 @@ from twisted.python import log
 def getRSAKeys(cfg):
     """
     """
-    publicKeyFile = cfg.get('honeypot', 'rsa_public_key')
-    privateKeyFile = cfg.get('honeypot', 'rsa_private_key')
+    publicKeyFile = cfg.get('ssh', 'rsa_public_key')
+    privateKeyFile = cfg.get('ssh', 'rsa_private_key')
     if not (os.path.exists(publicKeyFile) and os.path.exists(privateKeyFile)):
         log.msg("Generating new RSA keypair...")
         from Crypto.PublicKey import RSA
@@ -40,8 +40,8 @@ def getRSAKeys(cfg):
 def getDSAKeys(cfg):
     """
     """
-    publicKeyFile = cfg.get('honeypot', 'dsa_public_key')
-    privateKeyFile = cfg.get('honeypot', 'dsa_private_key')
+    publicKeyFile = cfg.get('ssh', 'dsa_public_key')
+    privateKeyFile = cfg.get('ssh', 'dsa_private_key')
     if not (os.path.exists(publicKeyFile) and os.path.exists(privateKeyFile)):
         log.msg("Generating new DSA keypair...")
         from Crypto.PublicKey import DSA

cowrie/ssh/factory.py

@@ -91,7 +91,7 @@ class CowrieSSHFactory(factory.SSHFactory):
         t = transport.HoneyPotSSHTransport()
 
         try:
-            t.ourVersionString = self.cfg.get('honeypot', 'ssh_version_string')
+            t.ourVersionString = self.cfg.get('ssh', 'version')
         except:
             t.ourVersionString = "SSH-2.0-OpenSSH_6.0p1 Debian-4+deb7u2"
 

cowrie/ssh/forwarding.py

@@ -23,7 +23,7 @@ def cowrieOpenConnectForwardingClient(remoteWindow, remoteMaxPacket, data, avata
 
     cfg = avatar.cfg
     try:
-        if cfg.getboolean('honeypot', 'ssh_forward_redirect') == True:
+        if cfg.getboolean('ssh', 'forward_redirect') == True:
             redirectEnabled = True
         else:
             redirectEnabled = False
@@ -32,7 +32,7 @@ def cowrieOpenConnectForwardingClient(remoteWindow, remoteMaxPacket, data, avata
 
     if redirectEnabled:
         redirects = {}
-        items = cfg.items('honeypot')
+        items = cfg.items('ssh')
         for i in items:
             if i[0].startswith('forward_redirect'):
                 destPort = i[0].split('_')[-1]