Honeypot Detection: SSH Host Keys

In this post I’ll outline a method to detect Cowrie honeypots in both “shell” and “proxy” mode based on SSH Host Keys, post authentication. The method involved is quite simple. It also works on some other honeypots. Firstly, we grab the host’s SSH public key. This can be easily done by using the ssh-keyscan utility. …
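For an operator who wants to record which host key their own sensor presents, the key-collection step above can be followed by parsing the `ssh-keyscan` output and deriving the OpenSSH-style SHA256 fingerprint of each key. This is an added example, not code from the original post; it covers only that first step, and the sample lines, addresses and the `make_sample_line` helper are constructed for illustration.

```python
import base64
import hashlib
import struct

def read_string(blob, offset):
    """Read one RFC 4251 length-prefixed string; return (value, next_offset)."""
    if offset + 4 > len(blob):
        raise ValueError("truncated length field")
    (length,) = struct.unpack_from(">I", blob, offset)
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("truncated string")
    return blob[offset + 4:end], end

def parse_keyscan(text):
    """Parse ssh-keyscan output into (host, key_type, fingerprint) tuples."""
    results = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):  # skip blanks and comment lines
            continue
        parts = line.split()
        if len(parts) < 3:
            raise ValueError(f"malformed line: {line!r}")
        host, key_type, b64 = parts[0], parts[1], parts[2]
        blob = base64.b64decode(b64, validate=True)
        # The key blob starts with its own algorithm name; it must match column 2.
        inner_type, _ = read_string(blob, 0)
        if inner_type.decode("ascii", "replace") != key_type:
            raise ValueError(f"{host}: declared {key_type}, blob says {inner_type!r}")
        # Fingerprint as shown by ssh-keygen -l: unpadded base64 of SHA-256(blob).
        digest = hashlib.sha256(blob).digest()
        fp = "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
        results.append((host, key_type, fp))
    return results

def make_sample_line(host, seed):
    """Constructed sample: an ssh-ed25519 blob carrying a dummy 32-byte key."""
    name = b"ssh-ed25519"
    key = bytes((seed + i) % 256 for i in range(32))
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", len(key)) + key
    return f"{host} ssh-ed25519 {base64.b64encode(blob).decode()}"

# Constructed input in the "host keytype base64" layout that ssh-keyscan prints.
SAMPLE = "\n".join([
    "# 192.0.2.10:22 SSH-2.0-example",
    make_sample_line("192.0.2.10", 1),
    make_sample_line("192.0.2.11", 7),
])
```

Calling `parse_keyscan(SAMPLE)` returns one tuple per key line, and a line whose declared type disagrees with the type embedded in the blob raises `ValueError`.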