Endlessh: SSH Tarpit — Trap and Slow Down Brute-Force Attackers

TL;DR — Quick Summary

Deploy Endlessh to trap SSH brute-force attackers in an endless SSH banner. Wastes attacker resources while protecting your real SSH server. Lightweight Docker deployment.

Endlessh — SSH Tarpit

services:
  endlessh:
    image: shizunge/endlessh-go:latest
    container_name: endlessh
    restart: always
    ports:
      - "22:2222"
    environment:
      - LEN=32
      - DELAY=10000
      - MAX_CLIENTS=4096

How It Works

Attacker connects to port 22
Endlessh sends one random line every 10 seconds
SSH protocol waits for the banner to finish
Attacker is trapped for hours/days
Your real SSH is on port 2222, unreachable to scanners

Frequently Asked Questions

What is Endlessh?

Endlessh is an SSH tarpit that slowly sends an endless SSH banner to connecting clients. Attackers trying to brute-force SSH get trapped, wasting their time and resources while your real SSH runs on a different port.

Is Endlessh safe to run?

Yes. Endlessh only sends random banner data — it never authenticates anyone. Move your real SSH to a non-standard port and point Endlessh at port 22. Attackers waste hours while real users connect on the actual port.

Endlessh — SSH Tarpit

How It Works

Related Articles

Frequently Asked Questions

Related Articles

Element and Matrix: Self-Hosted Encrypted Messaging — Decentralized Communication

Headscale: Self-Hosted Tailscale Control Server — Open Source Mesh VPN

Code-Server: Run VS Code in Your Browser — Self-Hosted Remote Development