Once upon a time, Jerry James <loganjerry(a)gmail.com> said:
On Wed, Jun 11, 2014 at 9:50 AM, Kevin Fenzi <kevin(a)scrye.com>
wrote:
> Usually the best thing would be to open a infrastructure ticket.
>
> I've hopefully fixed your IP too now tho. ;)
This kind of problem is just going to keep happening to those of us
with dynamic IP addresses from large ISPs. Plus, since there are
multiple possible causes of the error message that gets generated as a
result, it takes the poor sap who experiences the problem some time
and difficulty to figure out that his IP address has been blocked at
the server side. (I speak from experience.)
I hate to say it, but maybe denyhosts shouldn't be used in this case.
Yeah, I've found fail2ban (where IP blocks are expired in a reasonable
time) to be a much better option than denyhosts. It is also "nicer" to
the server because you can block connections with iptables, rather than
forking sshd processes only to close the connection.
Also, if you want, you can configure fail2ban with escalating length
blocks (so "first offense" is 5 minutes, then "3 strikes" gets you an
hour, etc.).
--
Chris Adams <linux(a)cmadams.net>