diff --git a/config/honeypot/response.sh b/config/honeypot/response.sh
new file mode 100644
index 0000000..b093090
--- /dev/null
+++ b/config/honeypot/response.sh
@@ -0,0 +1,20 @@
+#!/bin/bash
+# SSH Honeypot Response Script
+# Deploy to: /opt/honeypot/response.sh
+#
+# Setup commands:
+# sudo mkdir -p /opt/honeypot
+# sudo cp config/honeypot/response.sh /opt/honeypot/
+# sudo chmod +x /opt/honeypot/response.sh
+# sudo touch /var/log/honeypot.log
+# sudo chmod 644 /var/log/honeypot.log
+
+# Log connection with timestamp and client IP
+CLIENT_IP=${NCAT_REMOTE_ADDR:-unknown}
+echo "$(date): SSH honeypot connection from $CLIENT_IP" >> /var/log/honeypot.log
+
+# Send fake SSH banner to make it look like OpenSSH
+echo "SSH-2.0-OpenSSH_8.9"
+
+# Brief delay before closing connection
+sleep 2
\ No newline at end of file
diff --git a/config/systemd/ssh-honeypot.service b/config/systemd/ssh-honeypot.service
new file mode 100644
index 0000000..7fae8f3
--- /dev/null
+++ b/config/systemd/ssh-honeypot.service
@@ -0,0 +1,23 @@
+# SSH Honeypot Service
+# Deploy to: /etc/systemd/system/ssh-honeypot.service
+#
+# Setup commands:
+# sudo cp config/systemd/ssh-honeypot.service /etc/systemd/system/
+# sudo systemctl daemon-reload
+# sudo systemctl enable ssh-honeypot.service
+# sudo systemctl start ssh-honeypot.service
+
+[Unit]
+Description=SSH Honeypot (Port 22)
+After=network.target
+
+[Service]
+ExecStart=/usr/bin/ncat -l -k -p 22 -c /opt/honeypot/response.sh
+Restart=always
+RestartSec=5
+Group=honeypot
+StandardOutput=journal
+StandardError=journal
+
+[Install]
+WantedBy=multi-user.target
\ No newline at end of file
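Review bot: The log line in response.sh uses a bare `$(date)`, whose output depends on the host's locale and timezone, and it drops the source port, so entries are awkward to parse and hard to correlate with firewall or flow logs. Something like `printf '%s SSH honeypot connection from %s port %s\n' "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$CLIENT_IP" "${NCAT_REMOTE_PORT:-unknown}" >> /var/log/honeypot.log` gives a fixed UTC timestamp and the full source endpoint. The banner is written with `echo`, so it ends in LF only, whereas RFC 4253 terminates the SSH identification string with CR LF; `printf 'SSH-2.0-OpenSSH_8.9\r\n'` keeps the decoy consistent with a real server. The setup comments create /var/log/honeypot.log owned by root with mode 644 and add no rotation, so the append only succeeds while the script runs as root, and the file grows with every connection.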
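Review bot: The `[Service]` section in ssh-honeypot.service sets `Group=honeypot` but no `User=`, so ncat and every `/opt/honeypot/response.sh` it spawns run as root behind a deliberately exposed port 22 listener. Running it as a dedicated unprivileged account (named `honeypot` below only to match the group) with just the bind capability and a few sandboxing directives, as sketched below, limits what a bug in the listener or the script can reach. The log file then has to be writable by that account, which the setup commands for response.sh (root-owned, mode 644) do not arrange. None of the setup commands shown create the `honeypot` group either, so unless it is created elsewhere the unit will presumably fail at start. If a real sshd is still bound to port 22, the bind fails and `Restart=always` retries every 5 seconds.

```ini
[Service]
ExecStart=/usr/bin/ncat -l -k -p 22 -c /opt/honeypot/response.sh
# … unchanged: Restart, RestartSec, Group, StandardOutput, StandardError …
User=honeypot
AmbientCapabilities=CAP_NET_BIND_SERVICE
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
NoNewPrivileges=yes
ProtectSystem=strict
ProtectHome=yes
PrivateTmp=yes
ReadWritePaths=/var/log/honeypot.log
```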