A few years ago, after being bored of watching hundreds and thousands of failed ssh login attempts to my home server, I asked myself: what are these folks trying to bruteforce with? OpenSSH would log the username, but that’s it. I wanted to know more. What about the passwords? Are they trying to use public key auth? What OSs are they using? What commands are they using? Do they jump into interactive mode?