You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
First and foremost, thank you for the work on Cowrie. Very useful tool.
I have set up a single sanbox VM running Cowrie. Connections reach this VM via a second gateway VM which initiates ssh connections to several VPS servers by running autossh using the -R (see below):
This allows a single gateway box to control when the service is available on all VPS servers. The downside, the source IP address in the Cowrie logs is always the gateway server. Can you see any way around this consequence of the setup?
The text was updated successfully, but these errors were encountered:
This is an interesting idea. You could log in both places but it will be difficult to correlate the two together in particular on busy servers.
Ideally you'd want to pass on the original IP address inside the SSH protocol, the same way a proxy can send an X-Forwarded-For:. But it will take some work at the Cowrie level (fairly straightforward) and more work in your connection forwarder to make this all work.
First and foremost, thank you for the work on Cowrie. Very useful tool.
I have set up a single sanbox VM running Cowrie. Connections reach this VM via a second gateway VM which initiates ssh connections to several VPS servers by running autossh using the -R (see below):
This allows a single gateway box to control when the service is available on all VPS servers. The downside, the source IP address in the Cowrie logs is always the gateway server. Can you see any way around this consequence of the setup?
The text was updated successfully, but these errors were encountered: