I am interested in a openssh honeypot for trapping bot attackers. I have found pshitt and endless ssh. What others should i consider? Do you folks use this to annoy attackers/bot owners?
3 Likes
I like the simplicity of endless ssh but I would not call it honeypot it is just script kiddie trap.
1 Like
I would rather drop attempts, instead of allowing them to play- I’m pretty sure you can log attepts, maybe even ones that use default credentials?
1 Like
I know these two:
- GitHub - cowrie/cowrie: Cowrie SSH/Telnet Honeypot https://cowrie.readthedocs.io
- GitHub - droberson/ssh-honeypot: Fake sshd that logs ip addresses, usernames, and passwords.
cowrie is an interactive one where you can also replay the ssh sessions. I tried it a few years ago but it did not work well. I don’t know if the bots had some kind of detection.
ssh-honeypot just logs attempts but does not create a session for the attacker. This one worked much better for me. I had so much attempts the honeypot logs filled up my VPS (20GB) in 2h.