Securing SSH with Denyhost

Denyhost is a script intended to be run by Linux system administrators to help thwart SSH server attacks (also known as dictionary-based attacks and brute-force attacks).

If you’ve ever looked at your ssh log (/var/log/secure on Redhat, /var/log/auth.log on Mandrake, etc…) you may be alarmed to see how many hackers attempted to gain access to your server. Hopefully, none of them were successful (but then again, how would you know?). Wouldn’t it be better to automatically prevent that attacker from continuing to gain entry into your system?

This is where Denyhost comes in: it watches for hosts that fail to log in, and after a few failed attempts the remote host's IP is blocked from logging in for a week or a month, depending on your settings.

You need to have the following packages installed:-

1. First, download Denyhost:

cd /opt

wget -c http://optusnet.dl.sourceforge.net/sourceforge/denyhosts/DenyHosts-2.6.tar.gz

2. Extract the file

tar xvfz /opt/DenyHosts-2.6.tar.gz

cd /opt/DenyHosts-2.6

3. Install the package

python setup.py install

4. After installation, the sample configuration file is located in /usr/share/denyhosts; copy it to denyhosts.cfg:

cd /usr/share/denyhosts
cp denyhosts.cfg-dist denyhosts.cfg

5. Edit the denyhosts.cfg file and change the following lines:-

# purge the blocked entries after 2 weeks (default is never)
PURGE_DENY = 2w
# default is sshd only; blocking all services is preferred
BLOCK_SERVICE = ALL
# default is 5; deny a host after 3 failed login attempts
DENY_THRESHOLD_INVALID = 3

The rest of the settings can be left at their defaults and it works perfectly. There are other functions as well, such as sending a notification by email when a new blocked IP is added.

6. The configuration is done; now make Denyhost start automatically when the server boots. Copy the daemon-control file into the “/etc/rc.d/init.d/” folder.

cp daemon-control-dist /etc/rc.d/init.d/denyhost
chkconfig --add denyhost

7. To start the service immediately, run the following

/sbin/service denyhost start

8. To check if the service is running

ps xa | grep denyhost

If you see output like the following, it is already working:

16747 ? S 0:00 python /usr/bin/denyhosts.py --daemon --config=/usr/share/denyhosts/denyhosts.cfg

9. All blocked IPs are listed in the “/etc/hosts.deny” file. To unblock an IP, just remove it from the file and that host can log in to the server again.

That’s all, you have successfully installed Denyhost.
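To make the settings from step 5 concrete, here is a simplified model of the threshold, block and purge logic. It is an added example, not Denyhost's own code; the log lines, host name and addresses are constructed, and the function names are hypothetical.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Settings from step 5 of this page.
DENY_THRESHOLD_INVALID = 3
BLOCK_SERVICE = "ALL"
PURGE_DENY = timedelta(weeks=2)

# Constructed sshd log lines (documentation-range addresses, not real hosts).
SAMPLE_LOG = """\
Mar  3 10:00:01 web1 sshd[1001]: Failed password for invalid user admin from 203.0.113.7 port 40112 ssh2
Mar  3 10:00:04 web1 sshd[1003]: Failed password for invalid user test from 203.0.113.7 port 40118 ssh2
Mar  3 10:00:09 web1 sshd[1007]: Failed password for invalid user a from 192.0.2.15 from 203.0.113.7 port 40125 ssh2
Mar  3 10:02:30 web1 sshd[1010]: Failed password for invalid user guest from 198.51.100.20 port 51200 ssh2
Mar  3 10:05:12 web1 sshd[1015]: Accepted password for alice from 192.0.2.15 port 53011 ssh2
"""

# The user name is remote input and may contain " from <address>", so the
# pattern is anchored at the end of the line and takes the last address.
INVALID_USER = re.compile(
    r"sshd\[\d+\]: Failed password for invalid user .* from "
    r"(\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2$", re.MULTILINE)

def count_invalid_failures(log_text):
    """Count failed logins for non-existent accounts, per source address."""
    return Counter(m.group(1) for m in INVALID_USER.finditer(log_text))

def deny_lines(log_text, threshold=DENY_THRESHOLD_INVALID, service=BLOCK_SERVICE):
    """Return hosts.deny lines for hosts whose count reaches the threshold.

    Assumption: blocking starts when the count reaches the threshold, as the
    page words it; the real tool's exact comparison is not reproduced here.
    """
    counts = count_invalid_failures(log_text)
    return [f"{service}: {ip}" for ip in sorted(counts) if counts[ip] >= threshold]

def purge(blocked, now, max_age=PURGE_DENY):
    """Drop blocks older than max_age; `blocked` maps address -> block time."""
    return {ip: t for ip, t in blocked.items() if now - t <= max_age}

if __name__ == "__main__":
    print("\n".join(deny_lines(SAMPLE_LOG)))
    now = datetime(2024, 3, 20)
    print(purge({"203.0.113.7": datetime(2024, 3, 3),
                 "198.51.100.20": datetime(2024, 3, 10)}, now))
```

The third sample line shows why the address is taken from the end of the line: the trusted host 192.0.2.15 appears only inside the user name and is not counted.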

Source : Howtoforge

2 thoughts on “Securing SSH with Denyhost”

  1. Cool… let me know if I made any mistakes writing it. Btw, about the numbering, you have misunderstood my meaning. I meant that the examples you show in the write-up can have the numbering removed, and the steps that need to be followed must have numbers.