Authmap

Shortly after opening up my home server’s ssh port to the world (with only public/private key auth enabled), I started getting a flood of attempted ssh requests from all over the place. Out of curiosity, I wanted to see them plotted out on my Grafana dashboard so I started putting together a small service that reads SSH authentication attempts, parses them, and pushes them into influxdb.

This project originally started out as my first foray into Rust. Pretty soon after that, I began experimenting with Golang for systems programming and decided to port what I had made so far into Go. Links for both versions below:

• Authmap (Rust) (Not maintained)
• Authmap (Go)

Goals

I have a few goals to refine this project into something more useful:

• Remove every instance of hardcoding and read all configurables from a YAML file.
  • Done! Now, the only hardcoded configuration item is the config’s location. The application will also generate a default configuration automatically if a config is not found.
• Allow grouping requests from the same IP/location in a smart way.
  • Done! The ip field is now a tag. This allows grouping by ip and aggregating results within those groups.
• Automate downloading the MaxMind GeoIP database.
  • This will require user interaction since the database has licensing requirements now.
• Make the docker container for this package more accessible.
  • Done! Authmap (go) is now available from docker hub as tgiv014/authmap:latest. See the Authmap repo for installation instructions and an example docker-compose configuration