Honeypots mailing list archives

honeyd-SSH validity?


From: Thomas Jones <thomas.jones () linux-howtos com>
Date: Wed, 3 Sep 2003 02:15:06 -0500

Hello all,

I have been studying various attempts/capabilities by myself to fingerprint 
and/or banner grab my honeyd system from within my own LAN. Now, I know that 
this is a low-level system with limited user interaction.

However, the SSHD script does not provide for emulation of a service response 
if the client queries the server verbosely during a connection attempt.

i.e.
ssh -a -l root -v -v -v server.domain.tld

This provides the client with the server protocol version and vice versa, but 
the exchange of any other information for "verbose debugging" is met with a 
RST. It would seem to me that an advanced attacker would want access to as 
much data as possible with one connection, so as to limit traffic exposure 
on the target network.

Any ideas on how to accomplish the emulation of the sshd daemon to look/seem 
valid under a debug scenario?

I have captures, if anyone needs further explanation. TIA.
 
-- 
Thomas Jones
Linux-Howtos Network Administrator
OpenGPG Key: 0x6A3DF6E9
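
Added example, not part of the original post and not honeyd's own code: in SSH-2 the server follows its identification string with an SSH_MSG_KEXINIT binary packet (RFC 4253, sections 6 and 7.1), which is the next message an emulation script would have to produce instead of a RST. The sketch below builds and re-parses that packet; the algorithm lists in SAMPLE_OFFER are constructed sample values and the function names are hypothetical.

```python
import os
import struct

SSH_MSG_KEXINIT = 20  # message number from RFC 4253, section 12

# Constructed sample offer; an emulator would copy the lists (and their
# order) from the sshd build it is meant to imitate.
SAMPLE_OFFER = [
    ["diffie-hellman-group1-sha1"],   # kex_algorithms
    ["ssh-rsa", "ssh-dss"],           # server_host_key_algorithms
    ["aes128-cbc", "3des-cbc"],       # encryption, client to server
    ["aes128-cbc", "3des-cbc"],       # encryption, server to client
    ["hmac-sha1", "hmac-md5"],        # mac, client to server
    ["hmac-sha1", "hmac-md5"],        # mac, server to client
    ["none"], ["none"],               # compression, both directions
    [], [],                           # languages, both directions
]

def name_list(names):
    # SSH name-list: uint32 length, then comma-separated ASCII names
    data = ",".join(names).encode("ascii")
    return struct.pack(">I", len(data)) + data

def kexinit_payload(offer, cookie=None):
    cookie = os.urandom(16) if cookie is None else cookie
    body = b"".join(name_list(n) for n in offer)
    # trailer: first_kex_packet_follows = FALSE, then reserved uint32 0
    return bytes([SSH_MSG_KEXINIT]) + cookie + body + b"\x00" + struct.pack(">I", 0)

def binary_packet(payload, block=8):
    # Unencrypted framing: at least 4 padding bytes, total a multiple of 8
    pad = block - ((5 + len(payload)) % block)
    if pad < 4:
        pad += block
    return struct.pack(">IB", 1 + len(payload) + pad, pad) + payload + os.urandom(pad)

def parse_kexinit(packet):
    # Inverse of the two builders above; returns the ten name-lists
    length, pad = struct.unpack(">IB", packet[:5])
    payload = packet[5:4 + length - pad]
    if len(packet) != 4 + length or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not a well-formed KEXINIT packet")
    pos, lists = 17, []  # skip message byte and 16-byte cookie
    for _ in range(10):
        (n,) = struct.unpack(">I", payload[pos:pos + 4])
        text = payload[pos + 4:pos + 4 + n].decode("ascii")
        lists.append(text.split(",") if text else [])
        pos += 4 + n
    return lists
```

A client that receives this packet will answer with its own KEXINIT and start key exchange, so a script that stops here still ends the session early, only one message later than the banner.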
 


