Monitoring SSH login attempts and geolocating remote hosts who failed to login and gathering used credentials.
The main idea is that you don't use default SSH port to connect to your remote server/VPS. This Docker Compose configuration maps fake server's port 22 to Docker host's public IP and stores unsuccesful login details in the database.
Example docker-compose.yml (see docker-compose.example.yml)
Don't forget to generate private_key.pem first using following command:
openssl genrsa -out private_key.pem 4096And build with sudo docker compose up -d!
For deploying behind a reverse proxy see nginx configuration.
Example .env environmental variables (see .env.example)
| Variable | Description |
|---|---|
| GIN_MODE | Production/debug mode |
| POSTGRES_USER | PostgreSQL user |
| POSTGRES_PASSWORD | PostgreSQL password |
| POSTGRES_SERVER | PostgreSQL server |
| POSTGRES_PORT | PostgreSQL port |
| POSTGRES_DB | PostgreSQL database |
| VALKEY_PASSWORD | Valkey password |
| VALKEY_SERVER | Valkey server |
| VALKEY_PORT | Valkey port |
sudo docker compose -f docker-compose.dev.yml --env-file .env.dev up -d --build./test.sh number_of_attemptsSwagger UI is available at http://localhost:8080/swagger after starting development mode.