ssh-honeypotd

ssh-honeypotd is a low-interaction SSH honeypot implemented in C that simulates an SSH service to attract and log unauthorized access attempts. The tool operates by binding to a specified IP address and port (defaulting to 0.0.0.0:22) and presents itself as a legitimate SSH service to potential attackers. It supports various host key types including RSA, DSA, ECDSA, and ED25519 for authentication simulation. Key operational features include: - Configurable binding address and port settings - Support for multiple host key formats for realistic SSH service emulation - Privilege dropping capabilities to run under specified user and group accounts - Daemon mode operation with PID file management for background execution - Syslog integration for centralized logging with customizable daemon naming - Foreground mode option for debugging and testing purposes The honeypot requires minimal configuration and can automatically generate host keys when compiled against newer libssh versions (0.8.0+). For older libssh versions, manual host key specification is required through the -k option. Security considerations include the ability to drop privileges after startup and run under non-privileged user accounts to minimize system exposure. The tool logs all interaction attempts through syslog, enabling security teams to monitor and analyze attack patterns targeting SSH services.