Following on from Part 1, this repo extends the basic SSH honeypot with a downloaderer -- for getting malware samples. Part of my blog post: How to build an SSH honeypot in Python and Docker - Part 2. Made with Python, containserised in Docker, managed with Docker Compose.
Uses the Paramiko Python SSH protocol library.
Setup port forwarding (e.g. from 22 to 2222)
iptables -A PREROUTING -t nat -p tcp --dport 22 -j REDIRECT --to-port 2222
ssh-keygen -t rsa -f server.key
docker-compose build
docker-compose up
Logs are recorded in the auto-generated ssh_honeypot.log and ssh_honeypot_downloader.log files