My aim is to improve the security of my Raspberry Pi. The server needs to be open to the world through SSH, and I have already taken the usual measures to beef up the SSH security: primarily, fail2ban and non-standard port.
I am debating the use of a honeypot on top of this. Kippo comes to mind. However, since it adds more moving parts to my system, my fear is that could open up to new vulnerabilities.
On the other hand, I think it could be advantageous to have a honeypot on a somewhat standard port (eg. 222) to prevent attackers from moving to the real port. Or, is this of little use? Will most attackers do a complete port scan anyway?
I am no expert, what are you recommendations?
