But a more modern alternative seems to be the container based approach outlined here. https://lwn.net/Articles/848291/
Not a lot of activity over the time I ran it, and I know that the port gets hit more than that. I had a much better time when I ran a honeypot with Kippo:
https://github.com/desaster/kippo
It was much more useful as it gave me a great list of IP's to block from all my systems ;)
I used to run a Kippo[1] honeypot on port 22. I'd regularly see automated intrusion attempts, often followed up by users manually interacting with the server (and slowly coming to realize that it was fake). Nowadays I expect the exploitation process is typically much more automatic, so it'd be less interesting to watch.
On which there are leaderboards for password attempts: https://livesshattack.net/leaderboards
A password that was tried 11633 times, almost as much as 11684 times that 'password' was tried is 'wubao'.
That led me here: https://ewedaa.wordpress.com/2015/07/02/what-the-heck-is-wub...
which indicated that this is one of the two first passwords used by sshPsycho when attempting a brute force attack.
According to the poster these two passwords are tried often:
> wubao = 誤報, means something wrongly reported
> jiamima = 加密碼, can mean ‘add password’ or ‘encryption code’
Discussion about the use of kippo to log ssh login attempts: http://www.cubieforums.com/index.php?topic=3739.0
Kippo is available here: https://github.com/desaster/kippo