[backwardm]

Here's another question... do honeypots like this one intentionally leave the password blank? (I'd think that would be a pretty good red flag for the attacker to not stick around... maybe that's what the hit & run guys were doing)

It was really entertaining to watch the drunken typist give it his/her best. :)

[ebrinkster]

Kippo by default sets the username as root and the password as 123456. You can add additional username/password combinations, but having multiple passwords to access the same account is a key red flag that the system is in fact a honeypot. You can also simply change the root password to something extremely complicated, especially good if you want a sensor that simply gathers password data (since they'll be unlikely to guess a 65 character password).