├── INSTALL.md ├── .gitignore ├── bin └── .gitignore ├── TODO.md ├── Makefile ├── README.md ├── scripts ├── ssh-honeypot-unique-passwords.sh ├── ssh-honeypot-top10-passwords.sh ├── ssh-honeypot-top10-usernames.sh ├── ssh-honeypot-unique-passwords-count.sh ├── ssh-honeypot-unique-ips-password.sh ├── ssh-honeypot-unique-ips-password-count.sh ├── ssh-honeypot-unique-ips-scanners.sh ├── ssh-honeypot-unique-ips-scanners-count.sh ├── ssh-honeypot-pid-check.sh └── ssh-honeypot-unique-ips-geolocation.sh ├── src ├── config.h └── ssh-honeypot.c └── LICENSE.md /INSTALL.md: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # Ignore RSA keys and log files 2 | ssh-honeypot.* 3 | -------------------------------------------------------------------------------- /bin/.gitignore: -------------------------------------------------------------------------------- 1 | # Ignore everything in this directory 2 | * 3 | # Except this file 4 | !.gitignore 5 | -------------------------------------------------------------------------------- /TODO.md: -------------------------------------------------------------------------------- 1 | - gather more SSH banners and add ability to select 2 | - log parsing scripts 3 | -- geolocation 4 | -- graphs/statistics 5 | - canaries 6 | - Fail2Ban? 7 | -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- 1 | CC=gcc 2 | CFLAGS=-static-libgcc 3 | LIBS=-lssh 4 | 5 | ssh-honeypot: 6 | $(CC) $(CFLAGS) -o bin/ssh-honeypot src/ssh-honeypot.c $(LIBS) 7 | 8 | clean: 9 | rm -f *~ src/*~ bin/ssh-honeypot src/*.o 10 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # SSH Honeypot 2 | 3 | This program listens for incoming ssh connections and logs the ip 4 | address, username, and password used. This was written to gather 5 | rudimentary intelligence on brute force attacks. 6 | 7 | ## Quick start 8 | - ensure libssh is installed (apt install libssh-dev) 9 | - edit src/config.h 10 | - ssh-keygen -t rsa (save to non-default location!) 11 | - make 12 | - bin/ssh-honeypot -r ssh-honeypot.rsa 13 | 14 | -------------------------------------------------------------------------------- /scripts/ssh-honeypot-unique-passwords.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # ssh-honeypot-unique-passwords.sh -- by Daniel Roberson 4 | # -- Prints a list of all passwords found in the logs. 5 | # 6 | # -- usage: ssh-honeypot-unique-passwords.sh 7 | 8 | if [ ! $1 ]; then 9 | echo "FATAL: no input file!" 10 | echo "usage: $0 ssh-honeypot.log" 11 | exit 1 12 | fi 13 | 14 | grep "] ssh-honeypot " $1 >/dev/null 2>&1 15 | if [ $? -ne 0 ]; then 16 | echo "FATAL: $1 doesn't appear to be a ssh-honeypot log file" 17 | exit 1 18 | fi 19 | 20 | grep -v -e " Error exchanging keys: " -e "] ssh-honeypot " $1 |awk {'print $8'} |sort |uniq 21 | -------------------------------------------------------------------------------- /scripts/ssh-honeypot-top10-passwords.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # ssh-honeypot-top10-passwords.sh -- by Daniel Roberson 4 | # -- Prints a list of the top 10 passwords found in the logs. 5 | # 6 | # -- usage: ssh-honeypot-top10-passwords.sh 7 | 8 | if [ ! $1 ]; then 9 | echo "FATAL: no input file!" 10 | echo "usage: $0 ssh-honeypot.log" 11 | exit 1 12 | fi 13 | 14 | grep "] ssh-honeypot " $1 >/dev/null 2>&1 15 | if [ $? -ne 0 ]; then 16 | echo "FATAL: $1 doesn't appear to be a ssh-honeypot log file" 17 | exit 1 18 | fi 19 | 20 | grep -v -e "Error exchanging keys" $1 -e "] FATAL" -e "] ssh-honeypot " | awk {'print $8'} |sort |uniq -c |sort -rn |head -n 10 21 | -------------------------------------------------------------------------------- /scripts/ssh-honeypot-top10-usernames.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # ssh-honeypot-top10-usernames.sh -- by Daniel Roberson 4 | # -- Prints a list of the top 10 usernames found in the logs. 5 | # 6 | # -- usage: ssh-honeypot-top10-usernames.sh 7 | 8 | if [ ! $1 ]; then 9 | echo "FATAL: no input file!" 10 | echo "usage: $0 ssh-honeypot.log" 11 | exit 1 12 | fi 13 | 14 | grep "] ssh-honeypot " $1 >/dev/null 2>&1 15 | if [ $? -ne 0 ]; then 16 | echo "FATAL: $1 doesn't appear to be a ssh-honeypot log file" 17 | exit 1 18 | fi 19 | 20 | grep -v -e "Error exchanging keys" $1 -e "] FATAL" -e "] ssh-honeypot " | awk {'print $7'} |sort |uniq -c |sort -rn |head -n 10 21 | -------------------------------------------------------------------------------- /scripts/ssh-honeypot-unique-passwords-count.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # ssh-honeypot-unique-passwords-count.sh -- by Daniel Roberson 4 | # -- Prints a list of all passwords found in the logs with counts. 5 | # 6 | # -- usage: ssh-honeypot-unique-passwords-count.sh 7 | 8 | if [ ! $1 ]; then 9 | echo "FATAL: no input file!" 10 | echo "usage: $0 ssh-honeypot.log" 11 | exit 1 12 | fi 13 | 14 | grep "] ssh-honeypot " $1 >/dev/null 2>&1 15 | if [ $? -ne 0 ]; then 16 | echo "FATAL: $1 doesn't appear to be a ssh-honeypot log file" 17 | exit 1 18 | fi 19 | 20 | grep -v -e " Error exchanging keys: " -e "] ssh-honeypot " $1 |awk {'print $8'} |sort |uniq -c |sort -rn 21 | -------------------------------------------------------------------------------- /src/config.h: -------------------------------------------------------------------------------- 1 | #define VERSION "0.0.4" 2 | #define AUTHOR "Daniel Roberson" 3 | 4 | #define LOGFILE "ssh-honeypot.log" /* default log location */ 5 | #define PIDFILE "ssh-honeypot.pid" /* default pid file location */ 6 | #define PORT 22 /* default port */ 7 | #define RSAKEY "ssh-honeypot.rsa" /* default RSA key */ 8 | #define BINDADDR "0.0.0.0" /* default bind address */ 9 | #define BANNER "OpenSSH_7.2p2 Ubuntu-4ubuntu2.1" /* fake Ubuntu 16.04 */ 10 | //#define BANNER "OpenSSH_6.6.1" /* openSUSE 42.1 */ 11 | //#define BANNER "OpenSSH_6.7p1 Debian-5+deb8u3" /* Debian 8.6 */ 12 | -------------------------------------------------------------------------------- /scripts/ssh-honeypot-unique-ips-password.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # ssh-honeypot-unique-ips-password.sh -- by Daniel Roberson 4 | # -- prints a list of unique IP addresses which have tried to authenticate 5 | # -- to ssh-honeypot with a password. 6 | # 7 | # -- usage: ssh-honeypot-unique-ips-password.sh 8 | 9 | if [ ! $1 ]; then 10 | echo "FATAL: no input file!" 11 | echo "usage: $0 ssh-honeypot.log" 12 | exit 1 13 | fi 14 | 15 | grep "] ssh-honeypot " $1 >/dev/null 2>&1 16 | if [ $? -ne 0 ]; then 17 | echo "FATAL: $1 doesn't appear to be a ssh-honeypot log file" 18 | exit 1 19 | fi 20 | 21 | grep -v -e "Error exchanging keys" $1 -e "] FATAL" -e "] ssh-honeypot " | awk {'print $6'} |sort |uniq 22 | -------------------------------------------------------------------------------- /scripts/ssh-honeypot-unique-ips-password-count.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # ssh-honeypot-unique-ips-password-count.sh -- by Daniel Roberson 4 | # -- prints a list of unique IP addresses which have tried to authenticate 5 | # -- to ssh-honeypot with a password with number of times they have tried. 6 | # 7 | # -- usage: ssh-honeypot-unique-ips-password-count.sh 8 | 9 | if [ ! $1 ]; then 10 | echo "FATAL: no input file!" 11 | echo "usage: $0 ssh-honeypot.log" 12 | exit 1 13 | fi 14 | 15 | grep "] ssh-honeypot " $1 >/dev/null 2>&1 16 | if [ $? -ne 0 ]; then 17 | echo "FATAL: $1 doesn't appear to be a ssh-honeypot log file" 18 | exit 1 19 | fi 20 | 21 | grep -v -e "Error exchanging keys" $1 -e "] FATAL" -e "] ssh-honeypot " | awk {'print $6'} |sort |uniq -c |sort -rn 22 | -------------------------------------------------------------------------------- /scripts/ssh-honeypot-unique-ips-scanners.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # ssh-honeypot-unique-ips-scanners.sh -- by Daniel Roberson 4 | # -- prints a list of unique IP addresses which have connected to 5 | # -- ssh-honeypot, but did not try a password. This typically indicates 6 | # -- a scan of some kind. 7 | # 8 | # -- usage: ssh-honeypot-unique-ips-scanners.sh 9 | 10 | if [ ! $1 ]; then 11 | echo "FATAL: no input file!" 12 | echo "usage: $0 ssh-honeypot.log" 13 | exit 1 14 | fi 15 | 16 | grep "] ssh-honeypot " $1 >/dev/null 2>&1 17 | if [ $? -ne 0 ]; then 18 | echo "FATAL: $1 doesn't appear to be a ssh-honeypot log file" 19 | exit 1 20 | fi 21 | 22 | grep -v -e "] FATAL" -e "] ssh-honeypot " -e "] Error exchanging keys:" $1 | grep "Error exchanging keys" |awk {'print $6'} |sort |uniq 23 | -------------------------------------------------------------------------------- /scripts/ssh-honeypot-unique-ips-scanners-count.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # ssh-honeypot-unique-ips-scanners-count.sh -- by Daniel Roberson 4 | # -- prints a list of unique IP addresses which have connected to 5 | # -- ssh-honeypot, but did not try a password. This typically indicates 6 | # -- a scan of some kind. 7 | # 8 | # -- usage: ssh-honeypot-unique-ips-scanners-count.sh 9 | 10 | if [ ! $1 ]; then 11 | echo "FATAL: no input file!" 12 | echo "usage: $0 ssh-honeypot.log" 13 | exit 1 14 | fi 15 | 16 | grep "] ssh-honeypot " $1 >/dev/null 2>&1 17 | if [ $? -ne 0 ]; then 18 | echo "FATAL: $1 doesn't appear to be a ssh-honeypot log file" 19 | exit 1 20 | fi 21 | 22 | grep -v -e "] FATAL" -e "] ssh-honeypot " -e "] Error exchanging keys:" $1 | grep "Error exchanging keys" |awk {'print $6'} |sort |uniq -c |sort -rn 23 | -------------------------------------------------------------------------------- /scripts/ssh-honeypot-pid-check.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # ssh-honeypot-pid-check.sh -- by Daniel Roberson 4 | # -- simple script to respawn ssh-honeypot if it dies. 5 | # -- meant to be placed in your crontab! 6 | # -- 7 | # -- * * * * * /path/to/ssh-honeypot-pid-check.sh 8 | 9 | # Season to taste: 10 | PIDFILE="/var/run/ssh-honeypot.pid" 11 | LOGFILE="/var/log/ssh-honeypot.log" 12 | RSAFILE="/root/ssh-honeypot/ssh-honeypot.rsa" 13 | SSHHPPATH="/root/ssh-honeypot/bin/ssh-honeypot -d -f $PIDFILE -l $LOGFILE -r $RSAFILE" 14 | 15 | if [ ! -f $PIDFILE ]; then 16 | # PIDFILE doesnt exist! 17 | echo "ssh-honeypot not running. Attempting to start" 18 | $SSHHPPATH 19 | exit 20 | else 21 | # PID file exists. check if its running! 22 | kill -0 `cat $PIDFILE |head -n 1` 2>/dev/null 23 | if [ $? -eq 0 ]; then 24 | exit 0 25 | else 26 | echo "ssh-honeypot not running. Attempting to start" 27 | $SSHHPPATH 28 | fi 29 | fi 30 | 31 | -------------------------------------------------------------------------------- /scripts/ssh-honeypot-unique-ips-geolocation.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # ssh-honeypot-unique-ips-scanners.sh -- by Daniel Roberson 4 | # -- prints a list of unique IP addresses which have connected to 5 | # -- ssh-honeypot, but did not try a password. This typically indicates 6 | # -- a scan of some kind. 7 | # 8 | # -- usage: ssh-honeypot-unique-ips-scanners.sh 9 | 10 | if [ ! $1 ]; then 11 | echo "FATAL: no input file!" 12 | echo "usage: $0 ssh-honeypot.log" 13 | exit 1 14 | fi 15 | 16 | grep "] ssh-honeypot " $1 >/dev/null 2>&1 17 | if [ $? -ne 0 ]; then 18 | echo "FATAL: $1 doesn't appear to be a ssh-honeypot log file" 19 | exit 1 20 | fi 21 | 22 | grep -v -e "] ssh-honeypot " -e "FATAL" -e "] Error " $1 |awk {'print $6'} |sort |uniq -c |sort -rn >~/.temp-ip-list 23 | 24 | while read ip; do 25 | echo -n "$ip " 26 | echo $ip |awk {'print $2'} |xargs geoiplookup |sed 's/GeoIP\ Country\ Edition\:\ //g' 27 | done < ~/.temp-ip-list 28 | 29 | rm -f ~/.temp-ip-list 30 | -------------------------------------------------------------------------------- /LICENSE.md: -------------------------------------------------------------------------------- 1 | The MIT License 2 | 3 | Copyright (c) 2016 Daniel Roberson 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining 6 | a copy of this software and associated documentation files (the 7 | "Software"), to deal in the Software without restriction, including 8 | without limitation the rights to use, copy, modify, merge, publish, 9 | distribute, sublicense, and/or sell copies of the Software, and to 10 | permit persons to whom the Software is furnished to do so, subject to 11 | the following conditions: 12 | 13 | The above copyright notice and this permission notice shall be 14 | included in all copies or substantial portions of the Software. 15 | 16 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, 17 | EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF 18 | MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND 19 | NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE 20 | LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION 21 | OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION 22 | WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. -------------------------------------------------------------------------------- /src/ssh-honeypot.c: -------------------------------------------------------------------------------- 1 | /* ssh-honeypot -- by Daniel Roberson (daniel(a)planethacker.net) 2016 2 | */ 3 | 4 | #include 5 | #include 6 | #include 7 | #include 8 | #include 9 | #include 10 | #include 11 | #include 12 | #include 13 | #include 14 | 15 | #include 16 | #include 17 | 18 | #include "config.h" 19 | 20 | 21 | char *logfile = LOGFILE; 22 | char *pidfile = PIDFILE; 23 | char *banner = BANNER; 24 | char *rsakey = RSAKEY; 25 | char *bindaddr = BINDADDR; 26 | int console_output = 1; 27 | int daemonize = 0; 28 | 29 | /* usage() -- prints out usage instructions and exits the program 30 | */ 31 | void usage (const char *progname) { 32 | fprintf (stderr, "ssh-honeypot %s by %s\n\n", VERSION, AUTHOR); 33 | fprintf (stderr, "usage: %s [-?h -p -l -b

-r -f ]\n", progname); 34 | fprintf (stderr, "\t-?/-h\t\t-- this help menu\n"); 35 | fprintf (stderr, "\t-p \t-- listen port\n"); 36 | fprintf (stderr, "\t-b

\t-- IP address to bind to\n"); 37 | fprintf (stderr, "\t-l \t-- log file\n"); 38 | fprintf (stderr, "\t-r \t-- specify RSA key to use\n"); 39 | fprintf (stderr, "\t-f \t-- specify location to PID file\n"); 40 | 41 | exit (EXIT_FAILURE); 42 | } 43 | 44 | 45 | /* log_entry() -- adds timestamped log entry 46 | * -- displays output to stdout if console_output is true 47 | * -- returns 0 on success, 1 on failure 48 | */ 49 | int log_entry (const char *fmt, ...) { 50 | int n; 51 | FILE *fp; 52 | time_t t; 53 | va_list va; 54 | char *timestr; 55 | char buf[1024]; 56 | 57 | 58 | time (&t); 59 | timestr = strtok (ctime (&t), "\n"); // banish newline character to the land 60 | // of wind and ghosts 61 | if ((fp = fopen (logfile, "a+")) == NULL) { 62 | fprintf (stderr, "Unable to open logfile %s: %s\n", 63 | logfile, 64 | strerror (errno)); 65 | return 1; 66 | } 67 | 68 | va_start (va, fmt); 69 | vsprintf (buf, fmt, va); 70 | va_end (va); 71 | 72 | 73 | n = fprintf (fp, "[%s] %s\n", timestr, buf); 74 | 75 | if (console_output) 76 | printf ("[%s] %s\n", timestr, buf); 77 | 78 | fclose (fp); 79 | return n; 80 | } 81 | 82 | 83 | /* get_ssh_ip() -- obtains IP address via ssh_session 84 | */ 85 | char *get_ssh_ip(ssh_session session) { 86 | static char ip[INET6_ADDRSTRLEN]; 87 | struct sockaddr_storage tmp; 88 | struct sockaddr_in *s; 89 | socklen_t address_len = sizeof(tmp); 90 | 91 | 92 | getpeername (ssh_get_fd (session), (struct sockaddr *)&tmp, &address_len); 93 | s = (struct sockaddr_in *)&tmp; 94 | inet_ntop (AF_INET, &s->sin_addr, ip, sizeof(ip)); 95 | 96 | return ip; 97 | } 98 | 99 | 100 | /* handle_ssh_auth() -- handles ssh authentication requests, logging 101 | * -- appropriately. 102 | */ 103 | int handle_ssh_auth (ssh_session session) { 104 | ssh_message message; 105 | char *ip; 106 | 107 | 108 | ip = get_ssh_ip (session); 109 | 110 | if (ssh_handle_key_exchange (session)) { 111 | log_entry ("%s Error exchanging keys: %s", ip, ssh_get_error (session)); 112 | return -1; 113 | } 114 | 115 | for (;;) { 116 | if ((message = ssh_message_get (session)) == NULL) 117 | break; 118 | 119 | if (ssh_message_subtype (message) == SSH_AUTH_METHOD_PASSWORD) { 120 | log_entry ("%s %s %s", 121 | ip, 122 | ssh_message_auth_user (message), 123 | ssh_message_auth_password (message)); 124 | } 125 | 126 | ssh_message_reply_default (message); 127 | ssh_message_free (message); 128 | } 129 | 130 | return 0; 131 | } 132 | 133 | 134 | /* write_pid_file() -- writes PID to PIDFILE 135 | */ 136 | void write_pid_file (char *path, pid_t pid) { 137 | FILE *fp; 138 | 139 | printf("path %s\n", path); 140 | fp = fopen (path, "w"); 141 | 142 | if (fp == NULL) { 143 | log_entry ("FATAL: Unable to open PID file %s: %s\n", 144 | path, 145 | strerror (errno)); 146 | 147 | exit (EXIT_FAILURE); 148 | } 149 | 150 | fprintf (fp, "%d", pid); 151 | fclose (fp); 152 | } 153 | 154 | 155 | /* main() -- main entry point of program 156 | */ 157 | int main (int argc, char *argv[]) { 158 | pid_t pid, child; 159 | char opt; 160 | unsigned short port = PORT; 161 | ssh_session session; 162 | ssh_bind sshbind; 163 | 164 | 165 | while ((opt = getopt (argc, argv, "h?p:dl:b:r:f:")) != -1) { 166 | switch (opt) { 167 | case '?': /* print usage */ 168 | case 'h': 169 | usage (argv[0]); 170 | break; 171 | 172 | case 'p': /* listen port */ 173 | port = atoi(optarg); 174 | break; 175 | 176 | case 'd': /* daemonize */ 177 | daemonize = 1; 178 | console_output = 0; 179 | break; 180 | 181 | case 'l': /* log file path */ 182 | logfile = optarg; 183 | break; 184 | 185 | case 'b': /* IP to bind to */ 186 | bindaddr = optarg; 187 | break; 188 | 189 | case 'r': /* path to rsa key */ 190 | rsakey = optarg; 191 | break; 192 | 193 | case 'f': /* pid file location */ 194 | pidfile = optarg; 195 | break; 196 | 197 | default: 198 | usage (argv[0]); 199 | } 200 | } 201 | 202 | signal (SIGCHLD, SIG_IGN); 203 | 204 | if (daemonize == 1) { 205 | pid = fork(); 206 | 207 | if (pid < 0) { 208 | log_entry ("FATAL: fork(): %s\n", strerror (errno)); 209 | exit (EXIT_FAILURE); 210 | } 211 | 212 | else if (pid > 0) { 213 | write_pid_file (pidfile, pid); 214 | exit (EXIT_SUCCESS); 215 | } 216 | 217 | printf ("ssh-honeypot %s by %s started on port %d. PID %d\n", 218 | VERSION, 219 | AUTHOR, 220 | port, 221 | getpid()); 222 | } 223 | 224 | log_entry ("ssh-honeypot %s by %s started on port %d. PID %d", 225 | VERSION, 226 | AUTHOR, 227 | port, 228 | getpid()); 229 | 230 | session = ssh_new (); 231 | sshbind = ssh_bind_new (); 232 | 233 | ssh_bind_options_set (sshbind, SSH_BIND_OPTIONS_BINDADDR, bindaddr); 234 | ssh_bind_options_set (sshbind, SSH_BIND_OPTIONS_BINDPORT, &port); 235 | ssh_bind_options_set (sshbind, SSH_BIND_OPTIONS_BANNER, banner); 236 | ssh_bind_options_set (sshbind, SSH_BIND_OPTIONS_RSAKEY, rsakey); 237 | 238 | if (ssh_bind_listen (sshbind) < 0) { 239 | log_entry ("FATAL: ssh_bind_listen(): %s", ssh_get_error (sshbind)); 240 | 241 | if (daemonize == 1) 242 | printf ("FATAL: ssh_bind_listen(): %s\n", ssh_get_error (sshbind)); 243 | 244 | exit (EXIT_FAILURE); 245 | } 246 | 247 | for (;;) { 248 | if (ssh_bind_accept (sshbind, session) == SSH_ERROR) { 249 | log_entry ("FATAL: ssh_bind_accept(): %s", ssh_get_error (sshbind)); 250 | exit (EXIT_FAILURE); 251 | } 252 | 253 | child = fork(); 254 | 255 | if (child < 0) { 256 | log_entry ("FATAL: fork(): %s", strerror (errno)); 257 | exit (EXIT_FAILURE); 258 | } 259 | 260 | if (child == 0) { 261 | exit (handle_ssh_auth (session)); 262 | } 263 | } 264 | 265 | return EXIT_SUCCESS; 266 | } 267 | --------------------------------------------------------------------------------