Install DenyHosts to block SSH brute force on CentOS 6


Install from the EPEL or RPMforge repo; I am installing it from EPEL:
# yum --enablerepo=epel -y install denyhosts

-(Optional) To change the DenyHosts configuration, edit the file denyhosts.conf; the default configuration is fine.
# vi /etc/denyhosts.conf

-Start the denyhosts service and make it start on boot:
# service denyhosts start
# chkconfig denyhosts on


-Testing
Try to SSH to the server from another PC with IP address 192.168.10.124 using a wrong password.

After a certain number of failed logins, it can no longer connect.

Check the DenyHosts log and hosts.deny: the IP address has been banned.

 

-How to release denied hosts
1) Stop denyHosts service
# service denyhosts stop
2) Remove the IP address from /etc/hosts.deny
3) Edit the following DenyHosts work files and remove any lines containing the IP address:
/var/lib/denyhosts/hosts
/var/lib/denyhosts/hosts-restricted
/var/lib/denyhosts/hosts-root
/var/lib/denyhosts/hosts-valid
/var/lib/denyhosts/users-hosts
4) Optionally consider adding the IP address to /var/lib/denyhosts/allowed-hosts (as appropriate)
5) Start denyHosts service again
# service denyhosts start

Not all of the files in the /var/lib/denyhosts directory will contain the offending IP address, so you may want to use grep to determine which files contain it. For example, to see which files in that directory contain the IP address 192.168.10.124, do:

# cd /var/lib/denyhosts
# grep 192.168.10.124 *
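
The release steps above as a shell function, added here as an example (it is not part of DenyHosts). It matches the address as a whole token, because a plain `grep 192.168.10.12` would also hit 192.168.10.124; the ROOT argument, the `.bak` suffix and the function names are assumptions of this sketch.

```shell
#!/bin/sh
# Added example. ROOT (2nd argument) and the ".bak" suffix are assumptions
# made for this sketch; the file paths are the ones listed in the steps above.

# release_ip IP [ROOT]: steps 2 and 3, to be run while DenyHosts is stopped.
release_ip() {
    ip=$1
    root=${2:-}
    # Accept only a dotted quad so the value is safe to embed in a regex.
    printf '%s\n' "$ip" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || {
        echo "not an IPv4 address: $ip" >&2
        return 2
    }
    # Escape the dots and require a non-address character (or line edge) on
    # both sides, so releasing 192.168.10.12 leaves 192.168.10.124 banned.
    re="(^|[^0-9.])$(printf '%s' "$ip" | sed 's/\./\\./g')([^0-9.]|\$)"
    for f in "$root/etc/hosts.deny" \
             "$root/var/lib/denyhosts/hosts" \
             "$root/var/lib/denyhosts/hosts-restricted" \
             "$root/var/lib/denyhosts/hosts-root" \
             "$root/var/lib/denyhosts/hosts-valid" \
             "$root/var/lib/denyhosts/users-hosts"; do
        [ -f "$f" ] || continue
        grep -Eq "$re" "$f" || continue      # file does not mention the IP
        cp -p "$f" "$f.bak"                  # keep a copy of the original
        # Rewrite in place (same inode, so owner and mode are preserved).
        # grep -v exits 1 when no lines remain, which is not an error here.
        grep -Ev "$re" "$f.bak" > "$f" || [ $? -eq 1 ]
        echo "cleaned $f"
    done
}

# release_live IP: steps 1 to 5 on the running system (run as root).
release_live() {
    service denyhosts stop || return 1
    release_ip "$1"; rc=$?
    service denyhosts start    # restart even if the cleanup was refused
    return "$rc"
}
```

Call `release_live 192.168.10.124` as root, or rehearse first with `release_ip 192.168.10.124 /path/to/copy` against a copied directory tree.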

 

