/phlog/bitreich-haunted-hosts.gopher.txt on gopher.someodd.zip


	My entry for Bitreich's "Haunted Hosts" Halloween Event

	__ __
	\| \/ \| _ _
	\| \|\/\| \| \| \|\| \|
	\|_\| \|_\| \_, \|
	\|__/

	_
	___ _ _ \| \|_ _ _ _ _
	/ -_) \| ' \ \| _\| \| '_\| \| \|\| \|
	\___\| \|_\|\|_\| \__\| \|_\| \_, \|
	\|__/

	__
	/ _\| ___ _ _
	\| _\| / _ \ \| '_\|
	\|_\| \___/ \|_\|


	___ _ _ _ _ _
	\| _ ) (_) \| \|_ _ _ ___ (_) __ \| \|_ ( ) ___
	\| _ \ \| \| \| _\| \| '_\| / -_) \| \| / _\| \| ' \ \|/ (_-<
	\|___/ \|_\| \__\| \|_\| \___\| \|_\| \__\| \|_\|\|_\| /__/


	_ _ _ _ _ _
	( \| ) \| \|\| \| __ _ _ _ _ _ \| \|_ ___ __\| \|
	V V \| __ \| / _` \| \| \|\| \| \| ' \ \| _\| / -_) / _` \|
	\|_\|\|_\| \__,_\| \_,_\| \|_\|\|_\| \__\| \___\| \__,_\|


	_ _ _ _ _
	\| \|\| \| ___ ___ \| \|_ ___ ( \| )
	\| __ \| / _ \ (_-< \| _\| (_-< V V
	\|_\|\|_\| \___/ /__/ \__\| /__/


	_ _ _ _
	\| \|\| \| __ _ \| \| \| \| ___ __ __ __ ___ ___ _ _
	\| __ \| / _` \| \| \| \| \| / _ \ \ V V / / -_) / -_) \| ' \
	\|_\|\|_\| \__,_\| \|_\| \|_\| \___/ \_/\_/ \___\| \___\| \|_\|\|_\|


	___ _
	\| __\| __ __ ___ _ _ \| \|_
	\| _\| \ V / / -_) \| ' \ \| _\|
	\|___\| \_/ \___\| \|_\|\|_\| \__\|


	╔─────────────────────*�…
	║1 ........................................ 1║
	║2* ........................................ *2║
	║3 ........................................ 3║
	║1 ...........Posted: 2024-10-14........... 1║
	║2* .Tags: sysadmin linux halloween events . *2║
	║3 ........................................ 3║
	║1 ........................................ 1║
	╚─────────────────────────�…

	For Bitreich's "Haunted Hosts" Hallowe'en event I made this, try a `trick`:

	```
	ssh -p 6666 [email protected]
	```

	.. or how about a `treat`?

	```
	ssh -p 6666 [email protected]
	```

	roygbyte of bitreich mentioned and summarized all the entries (including mine!):

	Read the article on roybyte's gopherhole

	## Background

	Bitreich "Haunted Hosts" Hallowe'en event announced!
	I would like to thank Bitreich member ROYGBYTE for nudging me toward a simpler
	approach with this writeup:

	ROYGBYTE's guide for authless SSH toy accounts

	This guide was written from a Debian perspective, but should work for all Linux
	users, pretty much.

	## What I did, how you can too

	### Setup `trick` and `treat users

	Create the users:

	```
	sudo adduser --home /home/trick --shell /bin/sh --disabled-password trick
	sudo passwd -d trick


	sudo adduser --home /home/treat --shell /bin/sh --disabled-password treat
	sudo passwd -d treat
	```

	### Create the spooky `trick` script `/home/trick/spooky_animation.sh`

	Don't forget to mark the script as executable.

	`/home/trick/spooky_animation.sh`:

	```
	#!/bin/bash

	# First frame
	frame1=$(cat << 'EOF'


	( " )
	( _ * Double, double
	* ( / \ ___
	" " _/ /
	( * ) ___/ \|
	) " _ o)'-./__
	* _ ) (_, . $$$
	( ) __ __ >_ $$$$
	( : { _) '--- $\
	______'___//__\ ____, \
	) ( \_/ _____\_
	.' \ \------''.
	\|=' '=\| \| )
	\| \| \| . _/
	\ (. ) , / /__I_____\
	snd '._/_)_(\__.' (__,(__,_]
	@---()_.'---@
	EOF
	)

	# Second frame
	frame2=$(cat << 'EOF'


	( " ) Double, double
	( _ * Toil and trouble
	* ( / \ ___
	" " _/ /
	( * ) ___/ \|
	) " _ o)'-./__
	* _ ) (_, . $$$
	( ) __ __ 7_ $$$$
	( : { _) '--- $\
	_____'___//__\ ____, \
	) ( \_/ _____\_
	.' \ \------''.
	\|=' '=\| \| )
	\| \| \| . _/
	\ (. ) , / /__I_____\
	snd '._/_)_(\__.' (__,(__,_]
	@---()_.'---@
	EOF
	)

	# Third frame
	frame3=$(cat << 'EOF'

	Double, double
	( " ) Toil and trouble
	( _ * Fire burn and
	* ( / \ ___
	" " _/ /
	( * ) ___/ \|
	) " _ o)'-./__
	* _ ) (_, . $$$
	( ) __ __ >_ $$$$
	( : { _) '--- $\
	______'___//__\ ____, \
	) ( \_/ _____\_
	.' \ \------''.
	\|=' '=\| \| )
	\| \| \| . _/
	\ (. ) , / /__I_____\
	snd '._/_)_(\__.' (__,(__,_]
	@---()_.'---@
	EOF
	)

	# Fourth frame
	frame4=$(cat << 'EOF'
	Double, double
	Toil and trouble
	( " ) Fire burn and
	( _ * Cauldron bubble
	* ( / \ ___
	" " _/ /
	( * ) ___/ \|
	) " _ o)'-./__
	* _ ) (_, . $$$
	( ) __ __ 7_ $$$$
	( : { _) '--- $\
	_____'___//__\ ____, \
	) ( \_/ _____\_
	.' \ \------''.
	\|=' '=\| \| )
	\| \| \| . _/
	\ (. ) , / /__I_____\
	snd '._/_)_(\__.' (__,(__,_]
	@---()_.'---@
	EOF
	)

	# FIXME: could define witch frames as an array?
	# Function to display the animation
	witch_animation() {
	count=1
	while [ $count -le 3 ]; do
	# Show frames with a pause between each
	clear
	echo "$frame1"
	sleep 0.5
	clear
	echo "$frame2"
	sleep 0.5
	clear
	echo "$frame3"
	sleep 0.5
	clear
	echo "$frame4"
	sleep 0.5
	((count++)) # Increment the counter
	done
	}

	# Define an array of fake system files and directories to "delete"
	files=(
	"/bin/bash"
	"/etc/passwd"
	"/usr/local/bin"
	"/home/trick"
	"/var/log/syslog"
	"/boot/vmlinuz"
	"/lib/modules"
	"/tmp/systemd-private"
	"/sbin/init"
	"/root/.bashrc"
	"/dev/null"
	"/proc/cpuinfo"
	"/usr/lib/systemd/system"
	"/var/cache/apt"
	"/usr/share/icons"
	"/boot/initrd.img"
	"/var/spool/cron"
	"/srv"
	"/opt"
	"/home/treat/Documents"
	"/media/usb"
	"/mnt/data"
	"/sys/kernel/debug"
	)

	# Function to display the fake deletion
	fake_deletion_animation() {
	for file in "${files[@]}"; do
	echo "rm -rf $file"
	sleep 0.1 # Delay between each fake deletion
	done

	# Final spooky message
	}

	# Function to display jumbled/corrupted data stream
	corrupted_data_stream() {
	for i in {1..30}; do
	# Output a random string of characters to simulate corruption
	echo "$(head /dev/urandom \| tr -dc 'a-zA-Z0-9!@#$%^&*()_+-=[]{}\|;:,.<>?…
	sleep 0.1 # Fast stream of corrupted data
	done
	}

	# Function to simulate a broken input prompt
	broken_prompt() {
	while true; do
	# Display a fake prompt symbol
	echo -n "$ "

	# Read user input (but don't execute it)
	read user_input

	# Simulate "command not found" for any input
	echo "bash: $user_input: command not found"
	done
	}

	# Show animation
	witch_animation

	# Call the animation function
	fake_deletion_animation

	corrupted_data_stream

	clear
	echo "ENJOY YOUR TRICK."
	echo "HAPPY HALLOWEEN 2024!"

	echo "Connection to someodd.zip closed."

	broken_prompt
	```

	### Create the spooky `treat` script `/home/treat/ascii_video.sh`

	Please ensure `mpv` is installed for this script to work.

	Don't forget to mark as executable (`chmod +x /path/to/script.sh`).

	```
	#!/bin/bash
	clear

	# Path to the video file you want to play (change this to your own video file)
	VIDEO_PATH="/home/treat/felix_the_cat_switches_witches.mp4"

	# Check if mpv is installed and then play the video using ASCII output with no …
	if command -v mpv &> /dev/null; then
	echo "Welcome! Enjoy this ASCII video!"
	echo "Press Q to quit the video."

	# Play the video in ASCII mode with no audio output
	mpv --vo=tct --no-audio "$VIDEO_PATH"
	else
	echo "mpv is not installed, please install it first."
	exit 1
	fi
	```

	### Setup `sshd`

	A lot of what I did was struggle because of PAM and not noticing that I was
	using `AllowUsers` (whitelisting which users are allowed).

	Add these lines to `/etc/ssh/sshd_config`:

	```
	# This port for halloween
	Port 6666

	# FOR HALLOWEEN
	# First, deny all users access to port 6666 except "trick" and "treat"
	Match LocalPort 6666 User *,!trick,!treat
	PasswordAuthentication no
	PubkeyAuthentication no
	ForceCommand /bin/false
	# Now setup "trick"
	Match User trick LocalPort 6666
	PasswordAuthentication yes
	PermitEmptyPasswords yes
	PermitTunnel no
	PermitListen none
	PermitOpen none
	PubkeyAuthentication no
	PermitRootLogin no
	UnusedConnectionTimeout 30
	X11Forwarding no
	ForceCommand /home/trick/spooky_animation.sh
	GatewayPorts no
	# Now setup "treat"
	Match User treat LocalPort 6666
	PasswordAuthentication yes
	PermitEmptyPasswords yes
	PermitTunnel no
	PermitListen none
	PermitOpen none
	PubkeyAuthentication no
	PermitRootLogin no
	UnusedConnectionTimeout 30
	X11Forwarding no
	# ForceCommand could be set to something specific for 'treat', like a diffe…
	ForceCommand /home/treat/ascii_video.sh
	GatewayPorts no
	# Deny 'trick' on the default port 22
	Match User trick LocalPort 22
	PasswordAuthentication no
	PubkeyAuthentication no
	ForceCommand /bin/false
	# Deny 'treat' on the default port 22
	Match User treat LocalPort 22
	PasswordAuthentication no
	PubkeyAuthentication no
	ForceCommand /bin/false
	```

	If you're using PAM (`UsePAM yes`), add this to the top of `/etc/pam.d/sshd`:

	```
	# Halloween
	auth [success=1 default=ignore] pam_exec.so seteuid /usr/bin/allow_empty_passwo…
	auth [success=1 user!=trick default=ignore] pam_unix.so nullok
	```

	and also for PAM users create `sudo vi /usr/bin/allow_empty_password.sh` (don't
	forget to `sudo chmod +x /usr/bin/allow_empty_password.sh`):

	```
	#!/bin/bash
	if [[ "$PAM_USER" == "trick" \|\| "$PAM_USER" == "treat" ]]; then
	exit 0 # Allow passwordless login
	else
	exit 1 # Deny empty password
	fi
	```

	Restart sshd with `sudo service sshd restart`.

	Add port 6666 to UFW (you may also want to port forward on your router):

	```
	sudo ufw allow 6666 comment "trick or treat"
	```

	## Test it out

	While testing the new setup you may want to disable fail2ban, so you don't get
	locked out of your box, in case something goes wrong with authentication (`sudo
	service fail2ban stop`). Don't forget to re-enable after testing.

	You should be able to run this command successfully now (on a client):

	```
	ssh -p 6666 trick@simulacra
	```

	## Copy of the event text

	```
	# 2024-10-12 14:01:34.582764 UTC (+0000)

	Bitreich "Haunted Hosts" Hallowe'en event announced!

	.=-.
	/ .`
	\|\_/\| \| \| ,=+=,
	\|-,-\| \ ', ; ^v^ ;
	_\|(=)\| `..+ ;'\|+\|'' /\_/\
	\| / \| /;_Y_;\ / \
	\| /\| \| \|\_:_/ \ / O O \
	\| / \ \| \|/ ' \ / \| \./ \|
	\| / _ \ \| /_____\` \| \|
	\|/\| \| \|\\| \|\|\| \| \|
	\| \| \| __/__ \|\|\| ;~,~.~,~;
	\| \| \| // \|`\ _\|\|\|_ \| \| \|
	...._\|_\|_\|_...\`___,/....II'II...... /__\|__\rgb...

	Announcing the first annual:
	Bitreich "HAUNTED HOSTS" Hallowe'en
	October 31, 2024, 9:00PM CEST

	This Hallowe'en, hosts from around the world open their ports to
	festive trick or treaters. Be spooked, scared, or delighted by hosts
	haunting their `ssh` connections with a ghoulish `Banner`, cob-webbed
	`ChrootDirectory`, or evil `ForceCommand`!

	To participate as a host: Announce your intent to participate by
	contacting ROYGBYTE on #bitreich-en:irc.bitreich.org before the event
	date. Then, prepare your hauntings: make or modify your =sshd= to
	include passwordless authentication for =trick= and/or =treat= users;
	and, configure your choice of =sshd= options to create a
	correspondingly delightful... or frightful... visitor experience!

	To participate as a trick or treater: on October 31, 2024, 9:00PM
	CEST, connect via `ssh` as `trick` or `treat` user to participating
	hosts. Hosts may be using non-standard `sshd` ports, so for full
	connection details check the event page!

	Event page: gopher://bitreich.org/1/haunted-hosts
	```

	Source: gopher://bitreich.org/0/usr/roygbyte/phlog/2024-10-12T14-01-34-582764.md