Question 1

How to set up SSH Honeypot on Ubuntu from scratch?

Accepted Answer

Install dependencies with 'apt install libssh-dev libjson-c-dev libpcap-dev libssl-dev', build using 'make', generate an RSA key with 'ssh-keygen -t rsa -f ./ssh-honeypot.rsa', and run with 'bin/ssh-honeypot -r ./ssh-honeypot.rsa'. Refer to the Quickstart section for systemd integration if needed.

Question 2

SSH Honeypot vs Cowrie: which is better for honeypots?

Accepted Answer

SSH Honeypot is a low-interaction honeypot focused on logging and HASSH fingerprinting, ideal for simple intelligence gathering. Cowrie is a medium-interaction honeypot that emulates a shell, better for studying attacker behavior with more realism.

Question 3

Can SSH Honeypot handle real SSH logins or stop attacks?

Accepted Answer

No, it only logs connection attempts and does not allow logins or execute commands, making it safe but ineffective for active defense or deep interaction with attackers.

Question 4

How to send SSH Honeypot logs to Splunk for analysis?

Accepted Answer

Use the -J and -P flags to send JSON logs via UDP to a remote host, then configure Splunk to listen on that port. Alternatively, log to a file with -j and use Splunk's file monitoring, as detailed in the JSON Logging section.

Question 5

Is SSH Honeypot safe to run alongside a real SSH server?

Accepted Answer

Yes, but ensure it runs on a different port or uses firewall rules to avoid conflicts. It can drop privileges for security, but monitor logs to prevent interference with legitimate services.

Question 6

How to change the banner to mimic another device?

Accepted Answer

Use 'bin/ssh-honeypot -b' to list available banners or set a custom string with '-b "my banner"', or select by index with '-i <index>', as explained in the Changing the Banner section.

Question 7

Does Docker support make SSH Honeypot easier to deploy?

Accepted Answer

Experimental Docker containers are provided for testing, but they are not guaranteed for production use, so manual setup might still be needed for reliable deployments.

ssh-honeypot

What is ssh-honeypot?

Overview

Use Cases

Best For

Related Projects

Found a gem we're missing?

Not Ideal For

Pros & Cons

Pros

Cons

Frequently Asked Questions