
I could see a few ways to use this. For me, what makes sense for my public sftp servers is to put this on a higher port, then use ipset lists to dynamically add bots to a DNAT rule and send them to this instead of the proper sshd.

i.e. you get 2 chances to authenticate correctly, then I put you in this hamster wheel for a day. Hamster wheels and intermittent fasting are all the rage these days.
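One way to script the setup described in the comment above, as an added example that is not the commenter's own configuration: it reads sshd log lines and prints (dry run) the `ipset`/`iptables` commands that would send an address to the tarpit for a day after two failed logins. The set name, both ports, the use of `REDIRECT` as the same-host form of DNAT, and the sample log lines are assumptions.

```shell
#!/bin/sh
# Dry run: prints ipset/iptables commands for review, changes nothing.
SET=ssh_tarpit    # hypothetical set name
TARPIT_PORT=2222  # assumed port where the tarpit listens
MAX_FAILS=2       # the "2 chances" from the comment
TTL=86400         # one day, in seconds

static_rules() {
    # Entries in the set expire on their own after $TTL seconds.
    echo "ipset create $SET hash:ip timeout $TTL -exist"
    # Assumes the real sshd is on port 22 and the tarpit runs on the same host.
    echo "iptables -t nat -A PREROUTING -p tcp --dport 22 -m set --match-set $SET src -j REDIRECT --to-ports $TARPIT_PORT"
}

tarpit_adds() {
    # The username is client-supplied, so read "from IP port N ssh2" from the
    # END of the line and accept only a dotted-quad address.
    awk -v max="$MAX_FAILS" -v set="$SET" -v ttl="$TTL" '
        /sshd\[[0-9]+\]: Failed password for / && NF > 4 {
            ip = $(NF - 3)
            if ($(NF - 4) != "from" || $(NF - 2) != "port") next
            if (ip !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) next
            # Emit exactly once, when the address uses up its last chance.
            if (++fails[ip] == max)
                printf "ipset add %s %s timeout %s -exist\n", set, ip, ttl
        }'
}

sample_log() {  # constructed lines using documentation address ranges
    cat <<'EOF'
Mar  3 10:00:01 sftp1 sshd[1201]: Failed password for root from 203.0.113.7 port 51234 ssh2
Mar  3 10:00:03 sftp1 sshd[1201]: Failed password for root from 203.0.113.7 port 51234 ssh2
Mar  3 10:00:05 sftp1 sshd[1207]: Failed password for invalid user a from 192.0.2.1 port 1 ssh2 from 198.51.100.4 port 40022 ssh2
Mar  3 10:00:07 sftp1 sshd[1209]: Failed password for deploy from 192.0.2.50 port 40100 ssh2
Mar  3 10:00:09 sftp1 sshd[1209]: Accepted password for deploy from 192.0.2.50 port 40100 ssh2
Mar  3 10:00:11 sftp1 sshd[1207]: Failed password for invalid user admin from 198.51.100.4 port 40023 ssh2
EOF
}

static_rules
sample_log | tarpit_adds
```

The third sample line carries a username crafted to look like a `from ... port ...` clause; parsing from the end of the line keeps the counter on the real source address.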



I was thinking of something similar, but in reverse -- turn this into part tarpit, part honeypot.

I was thinking I could take the IP address of anyone who hangs out in the tarpit for longer than a minute or so and automatically add it to my firewall's blacklist.


I used to run a honeypot.

For fun and giggles, I also kept the user and password they tried to see if any of my systems was at risk.



