These tools search so many ports, for example the SSH port (22). I built an agent tool to solve this SSH scan issue. This tool uses the onuion/onuion model to analyze SSH sessions (such as the current session and old session history).
onuion/sshd (a.k.a onuion-sshd):
Onuion SSHD PAM Agent is a real-time risk analysis and enforcement layer for SSH connections. It integrates deeply with the Linux PAM (Pluggable Authentication Modules) stack to analyze login attempts, calculate risk scores, and automatically block malicious actors before they can gain access.
- Real-time Risk Scoring: Uses the onuion engine to evaluate SSH login attempts based on historical data.
- PAM Integration: Lightweight bridge between the PAM auth process and the security agent.
- Automated Enforcement: Automatically blocks high-risk IP addresses using iptables.
- Stateful Analysis: Tracks IP and User history (successful/failed attempts, device fingerprints, geo-data stubs).
- Daemon Mode: Runs as a standard systemd service for reliability and persistent monitoring.
- JSON Logging: Structured logs for easy integration with SIEM or log management tools.
🛠️ Installation
1. Prerequisites
- Python 3.8+
- iptables (for IP blocking)
- PAM-enabled Linux system (Ubuntu, Debian, CentOS, etc.)
2. Install with script
curl -o install.sh https://raw.githubusercontent.com/onuion/sshd/refs/heads/main/install.sh
chmod +x install.sh
./install.sh
3. Configure PAM
To enable the agent for SSH sessions, you need to add it to your PAM configuration (usually /etc/pam.d/sshd or /etc/pam.d/common-auth):
Add the following line to the top of your PAM config:
auth required pam_exec.so expose_authtok /usr/bin/python3 /opt/onuion-sshd/pam_onuion_check.py
Note: The script uses environment variables provided by pam_exec.so (PAM_USER, PAM_RHOST) to communicate with the agent.
⚙️ CLI Usage (osshd)
The osshd command is the main interface for managing the agent.
Service Control
- osshd start: Start the agent service.
- osshd stop: Stop the agent service.
- osshd restart: Restart the agent (required after config changes).
- osshd status: Check the status of the service.
Configuration Management
- osshd config --list: Show current configuration values.
- osshd config --set KEY=VALUE: Update a configuration value.

🛡️ Security & Reliability

The agent is designed with a Fail-Open policy. If the agent service is down or there is a communication error, the PAM bridge will default to continue_connection to prevent legitimate users from being locked out due to an internal error.
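
The fail-open behaviour described above, as an added example that is not the project's own pam_onuion_check.py: a pam_exec bridge that reads PAM_USER and PAM_RHOST, asks the agent for a decision, and resolves every internal error to continue_connection. The socket path, the JSON message shape and the "block_connection" label are assumptions made for illustration.

```python
#!/usr/bin/env python3
"""Fail-open pam_exec bridge (added example, not the project's code)."""
import json
import os
import socket
import sys

# Assumptions: the socket path, the JSON message shape and the
# "block_connection" label are hypothetical; only "continue_connection"
# is named on the page.
AGENT_SOCKET = "/run/onuion-sshd/agent.sock"
ALLOW, BLOCK = "continue_connection", "block_connection"


def query_agent(request, path=AGENT_SOCKET, timeout=2.0):
    """Send one JSON line to the agent and return its decoded JSON reply."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)  # never hang the SSH login on a stuck agent
        s.connect(path)
        s.sendall(json.dumps(request).encode() + b"\n")
        return json.loads(s.makefile("rb").readline())


def decide(env, query=query_agent):
    """Return ALLOW or BLOCK; every internal error resolves to ALLOW."""
    request = {"user": env.get("PAM_USER", ""), "rhost": env.get("PAM_RHOST", "")}
    try:
        reply = query(request)
        action = reply["action"]
    except (OSError, ValueError, KeyError, TypeError):
        return ALLOW  # agent down, timeout or malformed reply: fail open
    # Only an explicit block verdict denies; anything else lets PAM continue.
    return BLOCK if action == BLOCK else ALLOW


def exit_code(decision):
    """pam_exec treats exit status 0 as success and non-zero as failure."""
    return 0 if decision == ALLOW else 1


if __name__ == "__main__":
    sys.exit(exit_code(decide(os.environ)))
```

Because every error path returns continue_connection, the PAM line adds no protection while the agent is down, so the service's availability is worth monitoring alongside its JSON logs.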