endlessh
SSH tarpit that slowly sends an endless banner
Endlessh is a tiny C program that wastes the time of automated SSH scanners by pretending to be an SSH server and drip-feeding a never-ending banner, trapping bots for hours without affecting real users.
Endlessh is a program that wastes the time of automated scripts and bots that scan the internet looking for SSH servers to attack. When one of these scripts connects, Endlessh never completes the SSH handshake. Instead, it slowly trickles out a randomly generated banner, one short line at a time, at a configurable delay of around 10 seconds per line. The connecting client sits there waiting for the banner to finish, which it never does, tying up that bot's connection slot for hours or even days.
The intended setup is to run your real SSH server on a non-standard port, then put Endlessh on port 22, which is the default port most automated scanners probe. Legitimate users know the actual port and connect there, while bots waste their resources stuck in Endlessh's endless loop.
Technically, the program acts at the very beginning of the SSH protocol, before any encryption or authentication takes place. That means Endlessh does not need any cryptographic libraries at all. It is a small, self-contained C program with no external dependencies. It uses the poll() system call to manage many simultaneous connections without spawning a separate thread or process for each one.
Configuration is minimal. You can set the listening port, the delay between banner lines, the maximum line length, and the maximum number of clients it will hold open at one time (up to 4096 by default). The configuration file uses the same key-value style as OpenSSH's own config file, which makes it familiar to server administrators.
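The banner drip described above works because RFC 4253 lets a server send arbitrary lines before its version string, provided none of them begins with "SSH-". The following C code is an added illustration of that mechanism for a single connection, not Endlessh's own source; the function names, the xorshift generator, the seed and the bounded line count are assumptions made for the example.

```c
#include <poll.h>
#include <string.h>
#include <unistd.h>

/* xorshift64 (assumed generator): banner bytes need no cryptographic strength. */
static unsigned long long rng_next(unsigned long long *s)
{
    *s ^= *s << 13; *s ^= *s >> 7; *s ^= *s << 17;
    return *s;
}

/* Fill buf with one banner line of 3..maxlen bytes ending in CRLF.
 * Requires maxlen >= 3 and buf of at least maxlen bytes. Returns the length. */
int banner_line(char *buf, int maxlen, unsigned long long *s)
{
    int len = 3 + (int)(rng_next(s) % (unsigned)(maxlen - 2));
    for (int i = 0; i < len - 2; i++)
        buf[i] = (char)(32 + rng_next(s) % 95);   /* printable ASCII 32..126 */
    buf[len - 2] = '\r';
    buf[len - 1] = '\n';
    if (len >= 4 && memcmp(buf, "SSH-", 4) == 0)
        buf[0] = 'X';   /* a line starting "SSH-" would be read as the version string */
    return len;
}

/* Send `lines` banner lines to fd, waiting delay_ms before each one.
 * Returns the total bytes written, or -1 on bad maxlen or a failed write. */
long drip(int fd, int lines, int delay_ms, int maxlen, unsigned long long *s)
{
    char buf[256];
    long total = 0;
    if (maxlen < 3 || maxlen > (int)sizeof(buf)) return -1;
    for (int n = 0; n < lines; n++) {
        poll(NULL, 0, delay_ms);            /* poll() with no fds acts as a timer */
        int len = banner_line(buf, maxlen, s);
        if (write(fd, buf, (size_t)len) != len) return -1;
        total += len;
    }
    return total;
}

int main(void)
{
    unsigned long long s = 0x9E3779B97F4A7C15ULL;  /* constructed, non-zero seed */
    /* 1 s delay here so the demo finishes quickly; the page describes ~10 s. */
    return drip(STDOUT_FILENO, 5, 1000, 32, &s) < 0;
}
```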
The build process requires only a C compiler with no extra libraries on most systems. The README includes notes for unusual platforms like RHEL 6, Solaris, and OpenBSD where minor adjustments are needed.
Where it fits
- Protect a Linux server from SSH brute-force bots by placing Endlessh on port 22 and moving sshd to a different port.
- Tie up automated scanners' connection slots for hours using minimal CPU and memory.
- Monitor how many bots are hitting your server by watching Endlessh's concurrent connection count.