skip navigation

www.Hilands.com


Content:: DenyHosts

DenyHosts setup and configuration
Last Modified: 2012-09-11
DenyHosts is a great tool that can assist your SSH server in the aspect of security. It will automatically spot multiple login attempts and drop them from accessing your system with iptables.

Table of Contents
Installing Deny Hosts
# apt-get install denyhosts
# cp /etc/denyhosts.conf /etc/denyhosts.orig.conf For the configurations we will be using the same setup that was done for the other servers. # nano /etc/denyhosts.conf Changes in red are text changes, the rest are just comment changes (remove or add #) Anything not noted here was left to the default setting.
PURGE_DENY = 4w
BLOCK_SERVICE = ALL
#BLOCK_SERVICE  = sshd
ADMIN_EMAIL = youremail@example.com
SMTP_HOST = smtp.example.com
SMTP_FROM = DenyHosts <nobody@example.com>
SYNC_SERVER = http://xmlrpc.denyhosts.net:9911
SYNC_INTERVAL = 1h
SYNC_UPLOAD = yes
SYNC_DOWNLOAD = yes
SYNC_DOWNLOAD_THRESHOLD = 3
Removing a blocked IP
The deny hosts files are stored in /var/lib/denyhosts.
  1. Turn off DenyHosts # /etc/init.d/denyhosts stop
  2. Remove IP from the following files
    1. /etc/hosts.deny
    2. /var/lib/denyhosts/hosts
    3. /var/lib/denyhosts/hosts-restricted
    4. /var/lib/denyhosts/hosts-root
    5. /var/lib/denyhosts/hosts-valid
    6. /var/lib/denyhosts/users-hosts
  3. Turn on DenyHosts /etc/init.d/denyhosts start

Adding an IP to allowed hosts
Edit the allowed-hosts file, it may not currently exist or be empty. # nano /var/lib/denyhosts/allowed-hosts Add the IP address of the system you no longer want blocked.
192.168.0.*
References