Cowrie, the open source SSH and Telnet honeypot, lures attackers into a fully emulated shell and records every login, command and download they attempt.
Cowrie is a widely deployed open source SSH and Telnet honeypot. It presents an emulated, intentionally inviting shell to attackers, then records everything they do: the usernames and passwords they try, every command they run, and every file they attempt to fetch, writing it all to a structured event log and a full session replay. Because the environment is a sandbox with no access to the real system, it delivers rich, safe visibility into who is probing your infrastructure and how, for threat intelligence, attacker technique research and early breach detection.
It suits security teams, researchers and operators who want to study real world attack traffic on infrastructure they run and own inside their own cloud account rather than relying on a hosted service.
cloudimg delivers Cowrie fully installed and running as a managed systemd service under an unprivileged, dedicated user, never as root. Security is designed in and the two planes are kept cleanly separate: the emulated honeypot listens on dedicated high ports while the operating system's own SSH stays key only for real administration, with no image baked password and no shared bootstrap credential. On each instance's first boot the appliance generates fresh, unique honeypot host keys, so no two deployments share a fingerprint and the image gives nothing away about its origin. Every attacker session is written to a structured JSON event log and a full replay capture, ready to forward to your log pipeline, and every deployment carries a paired deployment guide and 24/7 support.