Endlessh

SSH tarpit (port 2222)

Endlessh is an SSH tarpit that very slowly sends an endless, random SSH banner. It keeps SSH clients locked up for hours or even days at a time. The purpose is to put your real SSH server on another port and then let the script kiddies get stuck in this tarpit instead of bothering a real server.

endlessh-go is a golang implementation of endlessh exporting Prometheus metrics, visualized by a Grafana dashboard.

Links:

Source: https://github.com/shizunge/endlessh-go/
C implementation: https://github.com/skeeto/endlessh/
Developer’s blogpost: https://nullprogram.com/blog/2019/03/22/

Setup Grafana dashboard:

name: endlessh
services:
  endlessh:
    image: shizunge/endlessh-go:2025.0914.0
    container_name: endlessh
    restart: unless-stopped
    command:
      - -port=2222
      - -alsologtostderr
      - -v=1
      - -log_dir=/config/logs/endlessh/
      - -enable_prometheus
      - -geoip_supplier=ip-api
    environment:
      PUID: ${PUID}
      PGID: ${PGID}
      TZ: ${TIMEZONE}
    volumes:
      - ${DOCKER_VOLUMES}/endlessh:/config
    ports:
      - 2222:2222
      # Prometheus metrics port: 2112
    labels:
      homepage.group: Security
      homepage.name: Endlessh
      homepage.icon: terminal.png
      homepage.description: "SSH tarpit (port 2222)"