⚠️ This post is archived from my phlog in Gopherspace. Please read my post on the Gopher Protocol to get started!

For Bitreich’s “Haunted Hosts” Hallowe’en event I made this, try a trick:

ssh -p 6666 trick@someodd.zip

.. or how about a treat?

ssh -p 6666 treat@someodd.zip

roygbyte of bitreich mentioned and summarized all the entries (including mine!):

Read the article on roybyte’s gopherhole

Background

Bitreich “Haunted Hosts” Hallowe’en event announced!

I would like to thank Bitreich member ROYGBYTE for nudging me toward a simpler approach with this writeup:

ROYGBYTE’s guide for authless SSH toy accounts

This guide was written from a Debian perspective, but should work for all Linux users, pretty much.

What I did, how you can too

Setup trick and `treat users

Create the users:

sudo adduser --home /home/trick --shell /bin/sh --disabled-password trick
sudo passwd -d trick


sudo adduser --home /home/treat --shell /bin/sh --disabled-password treat
sudo passwd -d treat

Create the spooky trick script /home/trick/spooky_animation.sh

Don’t forget to mark the script as executable.

/home/trick/spooky_animation.sh:

#!/bin/bash

# First frame
frame1=$(cat << 'EOF'
                     
                     
   (       "     )   
    ( _  *           Double, double
       * (     /      \    ___
          "     "        _/ /
         (   *  )    ___/   |
           )   "     _ o)'-./__
          *  _ )    (_, . $$$
          (  )   __ __ >_ $$$$
           ( :  { _)  '---  $\
      ______'___//__\   ____, \
       )           ( \_/ _____\_
     .'             \   \------''.
     |='           '=|  |         )
     |               |  |  .    _/
      \    (. ) ,   /  /__I_____\
  snd  '._/_)_(\__.'   (__,(__,_]
      @---()_.'---@
EOF
)

# Second frame
frame2=$(cat << 'EOF'


  (       "     )    Double, double
   ( _  *            Toil and trouble
     * (     /        \    ___
         "     "         _/ /
         (   *  )    ___/   |
          )   "      _ o)'-./__
          *  _ )    (_, . $$$
          (  )  __ __ 7_ $$$$
          ( :  { _)  '---  $\
      _____'___//__\   ____, \
       )           ( \_/ _____\_
     .'             \   \------''.
     |='           '=|  |         )
     |               |  |  .    _/
      \    (. ) ,   /  /__I_____\
  snd  '._/_)_(\__.'   (__,(__,_]
      @---()_.'---@
EOF
)

# Third frame
frame3=$(cat << 'EOF'
                     
                     Double, double
   (       "     )   Toil and trouble
    ( _  *           Fire burn and
       * (     /      \    ___
          "     "        _/ /
         (   *  )    ___/   |
           )   "     _ o)'-./__
          *  _ )    (_, . $$$
          (  )   __ __ >_ $$$$
           ( :  { _)  '---  $\
      ______'___//__\   ____, \
       )           ( \_/ _____\_
     .'             \   \------''.
     |='           '=|  |         )
     |               |  |  .    _/
      \    (. ) ,   /  /__I_____\
  snd  '._/_)_(\__.'   (__,(__,_]
      @---()_.'---@
EOF
)

# Fourth frame
frame4=$(cat << 'EOF'
                     Double, double
                     Toil and trouble
  (       "     )    Fire burn and
   ( _  *            Cauldron bubble
     * (     /        \    ___
         "     "         _/ /
         (   *  )    ___/   |
          )   "      _ o)'-./__
          *  _ )    (_, . $$$
          (  )  __ __ 7_ $$$$
          ( :  { _)  '---  $\
      _____'___//__\   ____, \
       )           ( \_/ _____\_
     .'             \   \------''.
     |='           '=|  |         )
     |               |  |  .    _/
      \    (. ) ,   /  /__I_____\
  snd  '._/_)_(\__.'   (__,(__,_]
      @---()_.'---@
EOF
)

# FIXME: could define witch frames as an array?
# Function to display the animation
witch_animation() {
    count=1
    while [ $count -le 3 ]; do
        # Show frames with a pause between each
        clear
        echo "$frame1"
        sleep 0.5
        clear
        echo "$frame2"
        sleep 0.5
        clear
        echo "$frame3"
        sleep 0.5
        clear
        echo "$frame4"
        sleep 0.5
        ((count++))  # Increment the counter
    done
}

# Define an array of fake system files and directories to "delete"
files=(
    "/bin/bash"
    "/etc/passwd"
    "/usr/local/bin"
    "/home/trick"
    "/var/log/syslog"
    "/boot/vmlinuz"
    "/lib/modules"
    "/tmp/systemd-private"
    "/sbin/init"
    "/root/.bashrc"
    "/dev/null"
    "/proc/cpuinfo"
    "/usr/lib/systemd/system"
    "/var/cache/apt"
    "/usr/share/icons"
    "/boot/initrd.img"
    "/var/spool/cron"
    "/srv"
    "/opt"
    "/home/treat/Documents"
    "/media/usb"
    "/mnt/data"
    "/sys/kernel/debug"
)

# Function to display the fake deletion
fake_deletion_animation() {
    for file in "${files[@]}"; do
        echo "rm -rf $file"
        sleep 0.1  # Delay between each fake deletion
    done

    # Final spooky message
}

# Function to display jumbled/corrupted data stream
corrupted_data_stream() {
    for i in {1..30}; do
        # Output a random string of characters to simulate corruption
        echo "$(head /dev/urandom | tr -dc 'a-zA-Z0-9!@#$%^&*()_+-=[]{}|;:,.<>?~' | head -c 80)"
        sleep 0.1  # Fast stream of corrupted data
    done
}

# Function to simulate a broken input prompt
broken_prompt() {
    while true; do
        # Display a fake prompt symbol
        echo -n "$ "
        
        # Read user input (but don't execute it)
        read user_input
        
        # Simulate "command not found" for any input
        echo "bash: $user_input: command not found"
    done
}

# Show animation
witch_animation

# Call the animation function
fake_deletion_animation

corrupted_data_stream

clear
echo "ENJOY YOUR TRICK."
echo "HAPPY HALLOWEEN 2024!"

echo "Connection to someodd.zip closed."

broken_prompt

Create the spooky treat script /home/treat/ascii_video.sh

Please ensure mpv is installed for this script to work.

Don’t forget to mark as executable (chmod +x /path/to/script.sh).

#!/bin/bash
clear

# Path to the video file you want to play (change this to your own video file)
VIDEO_PATH="/home/treat/felix_the_cat_switches_witches.mp4"

# Check if mpv is installed and then play the video using ASCII output with no sound
if command -v mpv &> /dev/null; then
    echo "Welcome! Enjoy this ASCII video!"
    echo "Press Q to quit the video."

    # Play the video in ASCII mode with no audio output
    mpv --vo=tct --no-audio "$VIDEO_PATH"
else
    echo "mpv is not installed, please install it first."
    exit 1
fi

Setup sshd

A lot of what I did was struggle because of PAM and not noticing that I was using AllowUsers (whitelisting which users are allowed).

Add these lines to /etc/ssh/sshd_config:

# This port for halloween
Port 6666

# FOR HALLOWEEN
# First, deny all users access to port 6666 except "trick" and "treat"
Match LocalPort 6666 User *,!trick,!treat
    PasswordAuthentication no
    PubkeyAuthentication no
    ForceCommand /bin/false
# Now setup "trick"
Match User trick LocalPort 6666
    PasswordAuthentication yes
    PermitEmptyPasswords yes
    PermitTunnel no
    PermitListen none
    PermitOpen none 
    PubkeyAuthentication no
    PermitRootLogin no
    UnusedConnectionTimeout 30
    X11Forwarding no
    ForceCommand /home/trick/spooky_animation.sh
    GatewayPorts no
# Now setup "treat"
Match User treat LocalPort 6666
    PasswordAuthentication yes
    PermitEmptyPasswords yes
    PermitTunnel no
    PermitListen none
    PermitOpen none
    PubkeyAuthentication no
    PermitRootLogin no
    UnusedConnectionTimeout 30
    X11Forwarding no
    # ForceCommand could be set to something specific for 'treat', like a different script or a fun command
    ForceCommand /home/treat/ascii_video.sh
    GatewayPorts no
# Deny 'trick' on the default port 22
Match User trick LocalPort 22
    PasswordAuthentication no
    PubkeyAuthentication no
    ForceCommand /bin/false 
# Deny 'treat' on the default port 22
Match User treat LocalPort 22
    PasswordAuthentication no
    PubkeyAuthentication no
    ForceCommand /bin/false

If you’re using PAM (UsePAM yes), add this to the top of /etc/pam.d/sshd:

# Halloween
auth [success=1 default=ignore] pam_exec.so seteuid /usr/bin/allow_empty_password.sh
auth [success=1 user!=trick default=ignore] pam_unix.so nullok

and also for PAM users create sudo vi /usr/bin/allow_empty_password.sh (don’t forget to sudo chmod +x /usr/bin/allow_empty_password.sh):

#!/bin/bash
if [[ "$PAM_USER" == "trick" || "$PAM_USER" == "treat" ]]; then
    exit 0  # Allow passwordless login
else
    exit 1  # Deny empty password
fi

Restart sshd with sudo service sshd restart.

Add port 6666 to UFW (you may also want to port forward on your router):

sudo ufw allow 6666 comment "trick or treat"

Test it out

While testing the new setup you may want to disable fail2ban, so you don’t get locked out of your box, in case something goes wrong with authentication (sudo service fail2ban stop). Don’t forget to re-enable after testing.

You should be able to run this command successfully now (on a client):

ssh -p 6666 trick@simulacra 

Copy of the event text

# 2024-10-12 14:01:34.582764 UTC (+0000)

Bitreich "Haunted Hosts" Hallowe'en event announced!

                         .=-.
                        / .`
              |\_/|    |  |       ,=+=,
              |-,-|     \ ',     ; ^v^ ;
             _|(=)|      `..+    ;'|+|''       /\_/\
            |    /  |            /;_Y_;\      /     \
            |   /|  |            |\_:_/ \    /  O O  \
            |  / \  |            |/ ' \ /    |  \./  |
            | / _ \ |            /_____\`    |       |
            |/| | |\|              |||       |       |
              | | |     __/__      |||       ;~,~.~,~;
              | | |    //  |`\    _|||_        | | |
         ...._|_|_|_...\`___,/....II'II...... /__|__\rgb...

                     Announcing the first annual:
                 Bitreich "HAUNTED HOSTS" Hallowe'en
                    October 31, 2024, 9:00PM CEST               

This Hallowe'en, hosts from around the world open their ports to
festive trick or treaters. Be spooked, scared, or delighted by hosts
haunting their `ssh` connections with a ghoulish `Banner`, cob-webbed
`ChrootDirectory`, or evil `ForceCommand`!

To participate as a host: Announce your intent to participate by
contacting ROYGBYTE on #bitreich-en:irc.bitreich.org before the event
date. Then, prepare your hauntings: make or modify your =sshd= to
include passwordless authentication for =trick= and/or =treat= users;
and, configure your choice of =sshd= options to create a
correspondingly delightful... or frightful... visitor experience!

To participate as a trick or treater: on October 31, 2024, 9:00PM
CEST, connect via `ssh` as `trick` or `treat` user to participating
hosts. Hosts may be using non-standard `sshd` ports, so for full
connection details check the event page!

Event page: gopher://bitreich.org/1/haunted-hosts

Source: gopher://bitreich.org/0/usr/roygbyte/phlog/2024-10-12T14-01-34-582764.md

Original content in gopherspace: gopher://gopher.someodd.zip:70/1/phlog/bitreich-haunted-hosts.gopher.txt