explaingit

skeeto/endlessh

8,448 · C · Audience · ops devops · Complexity · 2/5 · Setup · moderate

TLDR

Endlessh is a tiny C program that wastes the time of automated SSH scanners by pretending to be an SSH server and drip-feeding a never-ending banner, trapping bots for hours without affecting real users.

Mindmap

mindmap
  root((endlessh))
    What it does
      SSH tarpit
      Trap bots and scanners
      Endless banner loop
    How it works
      No crypto needed
      Poll-based concurrency
      Up to 4096 connections
    Setup
      Replace port 22
      Move real SSH
      Config file
    Audience
      Server admins
      Security engineers


Things people build with this

USE CASE 1

Protect a Linux server from SSH brute-force bots by placing Endlessh on port 22 and moving sshd to a different port.

USE CASE 2

Tie up automated scanners' connection slots for hours using minimal CPU and memory.

USE CASE 3

Monitor how many bots are hitting your server by watching Endlessh's concurrent connection count.

Tech stack

C

Getting it running

Difficulty · moderate · Time to first run · 30min

You must move your real SSH daemon to a non-standard port before binding Endlessh to port 22, or legitimate connections will be trapped.

In plain English

Endlessh is a program that wastes the time of automated scripts and bots that scan the internet looking for SSH servers to attack. When one of these scripts connects, Endlessh never completes the SSH handshake. Instead, it slowly trickles out a randomly generated banner, one short line at a time, at a configurable delay of around 10 seconds per line. The connecting client sits there waiting for the banner to finish, which it never does, tying up that bot's connection slot for hours or even days.

The intended setup is to run your real SSH server on a non-standard port, then put Endlessh on port 22, which is the default port most automated scanners probe. Legitimate users know the actual port and connect there, while bots waste their resources stuck in Endlessh's endless loop.

Technically, the program intercepts connections at the very beginning of the SSH protocol, before any encryption or authentication takes place. That means Endlessh does not need any cryptographic libraries at all. It is a small, self-contained C program with no external dependencies. It uses a system call called poll() to manage many simultaneous connections at once without spawning separate threads or processes for each one.

Configuration is minimal. You can set the listening port, the delay between banner lines, the maximum line length, and the maximum number of concurrent clients it will hold open at one time (up to 4096 by default). A configuration file uses the same key-value style as OpenSSH's own config file, which makes it familiar to server administrators.

The build process requires only a C compiler with no extra libraries on most systems. The README includes notes for unusual platforms like RHEL 6, Solaris, and OpenBSD where minor adjustments are needed.
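The drip loop described above, as an added example (not code from the Endlessh repository): random banner lines that never start with `SSH-` (RFC 4253 lets a server send such lines before its version string), plus the timeout a poll()-based loop would use, driven here by a simulated clock instead of sockets. The function names, the xorshift PRNG and the `MAX_LINE` value of 32 are assumptions made for this example.

```c
#include <stdint.h>
#include <string.h>

#define DELAY_MS 10000  /* about 10 s between lines, as described above */
#define MAX_LINE 32     /* assumed maximum line length, CRLF included */

struct client { long long send_next; long lines, bytes; };

static uint32_t rng(uint32_t *s) {  /* xorshift32, a stand-in PRNG */
    *s ^= *s << 13; *s ^= *s >> 17; return *s ^= *s << 5;
}

/* Write one random line (3..maxlen bytes, ending in CRLF) and return its
 * length. A line starting with "SSH-" would be taken as the server's
 * version string and end the banner phase, so that prefix is broken. */
int banner_line(char *buf, int maxlen, uint32_t *s) {
    int len = 3 + rng(s) % (maxlen - 2);
    for (int i = 0; i < len - 2; i++)
        buf[i] = 32 + rng(s) % 95;            /* printable ASCII */
    memcpy(buf + len - 2, "\r\n", 2);
    if (len >= 4 && memcmp(buf, "SSH-", 4) == 0)
        buf[0] = 'X';
    return len;
}

/* Timeout to hand to poll(): ms until the earliest client is due,
 * or -1 (block until a new connection) when nobody is trapped. */
int poll_timeout(const struct client *c, int n, long long now) {
    long long best = -1;
    for (int i = 0; i < n; i++) {
        long long wait = c[i].send_next > now ? c[i].send_next - now : 0;
        if (best < 0 || wait < best) best = wait;
    }
    return (int)best;
}

/* Drive the loop on a simulated clock for `ms` milliseconds. */
void simulate(struct client *c, int n, long long ms, uint32_t *s) {
    char line[MAX_LINE];
    for (long long now = 0, t = 0; now < ms; now += t) {
        for (int i = 0; i < n; i++) {
            if (c[i].send_next > now) continue;
            c[i].bytes += banner_line(line, MAX_LINE, s); /* write() here */
            c[i].lines++;
            c[i].send_next = now + DELAY_MS;
        }
        if ((t = poll_timeout(c, n, now)) < 0) break;
    }
}
```

With these settings, one simulated hour costs the tarpit 360 lines and at most 360 × 32 bytes per trapped client.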

Copy-paste prompts

Prompt 1
Write a systemd service file to run Endlessh on port 22, restart on failure, and log trapped connections.
Prompt 2
Show me how to install Endlessh on Ubuntu, move sshd to port 2222, and verify bots are being trapped.
Prompt 3
How do I configure Endlessh to hold up to 4096 simultaneous bot connections with a 10-second delay between banner lines?
Prompt 4
Build Endlessh from source on a minimal Linux server with no external dependencies and explain each build step.

Verify against the repo before relying on details.