Kippo is an open source, medium-interaction SSH honeypot designed to log brute-force attacks and, most importantly, the entire shell interaction performed by the attacker.
Kippo is inspired by, but not based on, Kojoney.
Detailed installation and usage instructions are available on Kippo's wiki page.
Here are some key features of "Kippo":
· Fake filesystem with the ability to add/remove files. A full fake filesystem resembling a Debian 5.0 installation is included
· Possibility of adding fake file contents so the attacker can `cat` files such as /etc/passwd. Only minimal file contents are included
· Session logs stored in a UML-compatible format for easy replay with original timings
· Just like Kojoney, Kippo saves files downloaded with wget for later inspection
· Trickery; ssh pretends to connect somewhere, exit doesn't really exit, etc.
Requirements:
· Python 2.5+
· Twisted 8.0+
· PyCrypto