Detecting SSH Honeypots with non-persistent filesystems.

A lot has been written on the topic of detecting SSH honeypots in the past, usually using their canned responses against them, SSH protocol quirks, them accepting every password, etc. While experimenting with honeypots based on Docker and suchlike, which spin up a new container for each attacker that logs in, which can be a …