tosh dynamically changes the last 6 digits of an SSH server's IPv6 address every 30 seconds using a TOTP code to add a layer of obscurity to SSH access.
Imagine your SSH server listens only on an IPv6 address whose last 6 digits change every 30 seconds to match a TOTP code...
This tool is designed for system administrators or security enthusiasts who want to obscure their SSH server's accessibility by leveraging time-based one-time passwords embedded in the IPv6 address. It is particularly useful as an additional security layer against automated bots and script kiddies, rather than sophisticated attackers. Users must have a properly configured SSH server and synchronized system clocks to effectively use this tool.
This tool is intended as a security-through-obscurity measure and should only be used by those who understand its limitations. It is not a substitute for proper SSH hardening such as public key authentication and user restrictions. Time synchronization between client and server is critical for correct operation. Consider combining with firewall rules and SSH tarpit solutions for enhanced protection. The client-side implementation is not yet complete, with plans for integration via SSH ProxyCommand.
Assign yourself an IPv6 subnet and replace the last 6 hex characters with 'x' in the template
Create a base32 TOTP secret using a tool like 'gen-oath-safe mikroskeem totp'
Export the IPv6 template as TOSH_IP_TEMPLATE environment variable
Export the TOTP secret as TOSH_TOTP_SECRET environment variable
Run 'tosh generate' to produce the current dynamic IPv6 address
Optionally, set up systemd timers and iptables rules as per examples/iptables/
export TOSH_IP_TEMPLATE=fd15:4ba5:5a2b:1008:20c:29ff:fexx:xxxx
Sets the IPv6 address template with placeholders for dynamic TOTP-based digits
export TOSH_TOTP_SECRET=3OBVZP4AI74OIJO5YGV3UEXKXS6ISJ6H
Sets the base32 TOTP secret used to generate the dynamic IPv6 address suffix
tosh generate
Generates the current IPv6 address with the last 6 digits replaced by the current TOTP code
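The derivation described above, as an added Python sketch (not tosh's own code). It assumes standard RFC 6238 parameters (HMAC-SHA1, 30-second step, 6 decimal digits) and that the code digits fill the 'x' placeholders left to right; the function names are hypothetical. It also lists the addresses for the adjacent time windows, which shows what a small clock offset between client and server does to the result.

```python
import base64, hashlib, hmac, ipaddress, os, struct, time

STEP = 30    # seconds per TOTP window, per the page
DIGITS = 6   # one code digit per 'x' in the template

def totp(secret_b32, unix_time, step=STEP, digits=DIGITS):
    """RFC 6238 code; HMAC-SHA1 is an assumption about tosh's parameters."""
    key = base64.b32decode(secret_b32.upper())
    counter = struct.pack(">Q", int(unix_time) // step)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def fill_template(template, code):
    """Put code digits into the 'x' slots left to right (assumed mapping)."""
    if template.count("x") != len(code):
        raise ValueError("template must contain exactly %d 'x'" % len(code))
    it = iter(code)
    filled = "".join(next(it) if ch == "x" else ch for ch in template)
    return str(ipaddress.IPv6Address(filled))    # validates and normalises

def candidate_addresses(template, secret_b32, unix_time, skew=1):
    """Addresses for the current window and `skew` windows either side."""
    out = []
    for k in range(-skew, skew + 1):
        t = int(unix_time) + k * STEP
        if t >= 0:
            out.append(fill_template(template, totp(secret_b32, t)))
    return out

if __name__ == "__main__":
    # Defaults are the example values shown on this page.
    template = os.environ.get("TOSH_IP_TEMPLATE", "fd15:4ba5:5a2b:1008:20c:29ff:fexx:xxxx")
    secret = os.environ.get("TOSH_TOTP_SECRET", "3OBVZP4AI74OIJO5YGV3UEXKXS6ISJ6H")
    for addr in candidate_addresses(template, secret, time.time()):
        print(addr)
```

The middle line of the output is the address for the current window; the first and last are the previous and next windows.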