Many developers use SSH to access their systems, so it is not surprising
that SSH servers are widely attacked. During the FOSDEM 2021 conference,
Sanja Bonic and Janos Pasztor reported
on their experiment using containers as a way to easily create
SSH honeypots — fake servers that allow administrators to observe the actions of
attackers without risking a production system. The
conversational-style talk walked the audience through the process of
setting up an SSH server to play the role of the honeypot, showed what
SSH attacks look like, and gave a number of suggestions on how to
improve the security of SSH servers.

Source: LWN.net – [$] Creating an SSH honeypot