Secure Shell (SSH) Configuration

Sample Configuration

The sample configuration below is also available in the [GHOSTS GitHub repository](https://github.com/cmu-sei/GHOSTS/blob/master/src/Ghosts.Client/Sample%20Timelines/clicks

The credentials JSON file expected by this handler has the following format.

{
  "Version": "1.0",
  "Data": {
    "credkey1": {"username":"user1","password":"pw1base64"},
    "credkey2": {"username":"user2","password":"pw2base64"},
    ....
    "credkeyN": {"username":"userN","password":"pwNbase64"}
  }
}

The Version string is currently unused but is there in case this implementation is extended in the future. Each credkey is simply a unique string that identifies the credential. The password is assumed to be UTF-8 text that is base64 encoded. See src\Ghosts.Client\Infrastructure\SshSupport.cs for a list of the [reservedword] tokens supported in SSH commands.

{
  "Status": "Run",
  "TimeLineHandlers": [
    {
      "HandlerType": "Ssh",
      "HandlerArgs": {
        "CommandTimeout": 1000, //max time to wait for new input from an SSH command execution
        "TimeBetweenCommandsMax": 5000, //max and min time between individual SSH commands
        "TimeBetweenCommandsMin": 1000,
        "ValidExts": "txt;doc;png;jpeg", //used by [randomextension] reserved word, choose random extension from this list
        "CredentialsFile": "d:\\ghosts_data\\ssh_creds.json", //required, file path to a JSON file containing the SSH credentials
        "delay-jitter": 0 //optional, default =0, range 0 to 50, if specified, DelayAfter varied by delay-%jitter*delay to delay+%jitter*delay
      },
      "Initial": "",
      "UtcTimeOn": "00:00:00",
      "UtcTimeOff": "24:00:00",
      "Loop": "True",
      "TimeLineEvents": [
        {
          "Command": "random",
          "CommandArgs": [
            "<an IP>|<unique_key_from_credentials>|ls -lah;ls -ltrh;help;pwd;date;time;uptime;uname -a;df -h;cd ~;cd [remotedirectory];touch [randomname].[randomextension];mkdir [randomname]"  //<serverIP>|<credKey>|<commandList>
          ],
          "DelayAfter": 20000,
          "DelayBefore": 0
        }
      ]
    }
  ]
}
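
A pre-flight check for the two formats above, added here as an example and not part of GHOSTS: it confirms that every password in the credentials file decodes as base64-encoded UTF-8 (an encoding, not encryption) and that each CommandArgs entry names a credential key that exists. The function name, the sample data, and the rule that the first two `|` characters separate the fields are assumptions made for this example.

```python
import base64
import json


def check_ssh_credentials(creds_text, command_args):
    """Return a list of problems; an empty list means the inputs are consistent."""
    creds = json.loads(creds_text)
    data = creds.get("Data") if isinstance(creds, dict) else None
    if not isinstance(data, dict):
        return ["credentials file has no 'Data' object"]
    problems = []
    for key, entry in data.items():
        if not isinstance(entry, dict) or not isinstance(entry.get("username"), str):
            problems.append(f"{key}: missing username")
            continue
        try:
            # validate=True rejects characters outside the base64 alphabet;
            # a missing or non-string password raises TypeError.
            base64.b64decode(entry.get("password"), validate=True).decode("utf-8")
        except (ValueError, TypeError):
            problems.append(f"{key}: password is not base64-encoded UTF-8")
    for arg in command_args:
        # Assumption: the first two '|' separate server, credential key and commands.
        parts = arg.split("|", 2)
        if len(parts) != 3:
            problems.append(f"malformed CommandArgs entry: {arg!r}")
        elif parts[1] not in data:
            problems.append(f"CommandArgs references unknown credential key {parts[1]!r}")
    return problems


# Constructed sample data (not real credentials or hosts).
SAMPLE_CREDS = json.dumps({
    "Version": "1.0",
    "Data": {
        "credkey1": {"username": "user1",
                     "password": base64.b64encode(b"example-pw").decode()},
        "credkey2": {"username": "user2", "password": "not base64!"},
    },
})
SAMPLE_ARGS = ["192.0.2.10|credkey1|ls -lah;pwd", "192.0.2.10|credkey3|uptime"]

if __name__ == "__main__":
    for problem in check_ssh_credentials(SAMPLE_CREDS, SAMPLE_ARGS):
        print(problem)
```
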