@GAS85
Contributor

@GAS85 GAS85 commented Dec 23, 2025

Hey, I prepared a major update for you. As I pushed it first to my private repo, it looks here as if it was pushed within a short time. Anyway, a few changes:

  • Add ed25519 and RSA key refresh
  • Add banner consistent to the SSHd Server version
  • Add option to set profiles, default as it was per host, new per IP.
  • Increased and configurable minimum amount of retries
  • Documentation refresh and update

- Realistic versions
- Avoids bot fingerprinting
- Add Variable delay between failures
- Increase key to `3072` bits, `1024` was way too outdated
- Readme update with new variables and add some comments to them
- Config update with `SSHD_HOSTKEY_TYPE` and `SSHD_RSA_BITS`
- Faking Session channel
- Readme example update:
  - Add isolated network example
  - Update health check with log file test to avoid empty log after system log rotation
  - Add new variables with comments
- Unused code cleanup
…different IPs

Add random seed based on start time
- Add `SSHD_PROFILE_SCOPE` for per host, or per ip profiles
- Remove initial code to emulate successful login - bad idea :(

@JustinAzoff
Owner

Hi!

Cool stuff.. do you think the banners may cause some issues? I'd fear that it would make ssh-auth-logger a bit too easy to fingerprint.

@GAS85
Contributor Author

GAS85 commented Jan 2, 2026

Those are standard banners from Ubuntu, Debian and CentOS. The aim is to mimic a real system and avoid fingerprinting. We can disable them, or even make it configurable whether to send a banner or not. Anyway, the SSHd version depends on the host machine OS, so I tried to match the SSH version with standard banners. I think at least different SSH versions need to be presented.

@JustinAzoff
Owner

Are those banners or motd? The banner is sent before authentication and I don't think I've ever seen an Ubuntu system send something like 'Ubuntu 20.04.6 LTS'.

@GAS85
Contributor Author

GAS85 commented Jan 2, 2026

Yes, banners are sent before auth and there is even one funny project about it: https://github.com/shizunge/endlessh-go

As I said, it may be a good idea to make them configurable... Not sure here

@GAS85
Contributor Author

GAS85 commented Jan 4, 2026

Just checked on a fresh Ubuntu install and there is a default login banner:

```
cat /etc/issue
Ubuntu 24.04.3 LTS \n \l
```

But, per default it is usually disabled too:

```
grep Banner /etc/ssh/sshd_config
#Banner none
```

So I added a config key to enable banners. By default it will not send any.

And one additional thing that was changed, but I forgot to set the default to the initial behavior. Now passwords can be logged as clear text (as it was) or base64.

@JustinAzoff JustinAzoff merged commit 0191460 into JustinAzoff:master Jan 4, 2026
@JustinAzoff
Owner

Have you noticed any increased CPU from removing the sshConfigMap?
