Authmap

February 6, 2021

Authmap Image

Shortly after opening up my home server’s ssh port to the world (with only public/private key auth enabled), I started getting a flood of attempted ssh requests from all over the place. Out of curiosity, I wanted to see them plotted out on my Grafana dashboard so I started putting together a small service that reads SSH authentication attempts, parses them, and pushes them into influxdb.

This project originally started out as my first foray into Rust. Pretty soon after that, I began experimenting with Golang for systems programming and decided to port what I had made so far into Go. Links for both versions below:

Goals

I have a few goals to refine this project into something more useful:

  • Remove every instance of hardcoding and read all configurables from a YAML file.
    • Done! Now, the only hardcoded configuration item is the config’s location. The application will also generate a default configuration automatically if a config is not found.
  • Allow grouping requests from the same IP/location in a smart way.
    • Done! The ip field is now a tag. This allows grouping by ip and aggregating results within those groups.
  • Automate downloading the MaxMind GeoIP database.
    • This will require user interaction since the database has licensing requirements now.
  • Make the docker container for this package more accessible.
    • Done! Authmap (go) is now available from docker hub as tgiv014/authmap:latest. See the Authmap repo for installation instructions and an example docker-compose configuration