pam_honey.so is a PAM module that denies any login attempt and logs the credentials in a text file. It is intended to set up a honeypot.
- Install build dependencies (Debian:
gcc make libpam0g-dev, CentOS:gcc make pam-devel) make- Copy
pam_honey.soto the appropriate location (usually/lib/*/security/or/lib64/security/) - Configure PAM (usually in
/etc/pam.d/sshd) to usepam_honey.so:auth required pam_honey.so /root/honey.txt - Configure ssh to allow password auth
tail -f /root/honey.txt