DenyHosts

Bill Oliver vendor at billoblog.com
Thu Mar 14 12:31:58 UTC 2013



On Wed, 13 Mar 2013, Marvin Kosmal wrote:

>
> Hi
>
> Thanks to everyone who replied..
>
> I am running denyhosts on a machine that is remote and I do all my
> work over ssh.  The owner of the remote machine just upgraded the
> machine and I needed to reinstall everything.
>
> When I say denyhosts is not working that means that people are trying
> to ssh into that machine as root hundreds of times.  Or trying to log
> in with any name.
>
> On the old machine.  If you tried to log in as root one time, you were
> denied access.  If you tried to log in with bin you get 10 tries and
> then were denied.
>
> Now that is not happening.
>
> As I was remote the first thing I always did was to put my ip address
> in hosts allow.  In the event I fell asleep and used the wrong
> password several times in a row.  I have several passwords I use at
> different places.
>
> So I launch denyhosts from the command line and it gets a pid and is
> running.  But, nothing happens.  People try to ssh in and denyhosts
> never comes up and denies access...
>
> I didn't make a copy of my old config file...  So I can't fall back on that.
>
> I don't want to change the ssh port.   Not my machine. ...
>
> TIA
>
> Marvin
>
As others have noted, make sure that you are using the
/var/lib/denyhosts/allowed-hosts and not /etc/hosts.allowed.

You say you are running it from the command line.  I know this is
obvious, but I have to ask.  Are you running it as root?  If you're not,
it may not be able to get access to the log files it parses.

Here are the things that I had to check in the default
/etc/denyhosts.conf to make it work for me:

1) Make sure that you have the right hosts.deny file chosen -- on some
machines it's hosts.allow, hosts.evil, etc.  For me, it's
/etc/hosts.deny.

2) Make sure you have BLOCK_SERVICE set to what you want.  I have it set
to ALL.

3) Check DENY_HOSTS_INVALID (number of times a nonuser name can be
tried) and DENY_HOSTS_VALID (number of times a real user name can be
tried) and make sure they are reasonable numbers.  There are other user
categories, but those are the two that your test runs should hit on.

4) Make sure that WORK_DIR is correct.  For me it is /var/lib/denyhosts.

5) Make sure you have logging turned on (SECURE_LOG).  See point 8.

6) Since you say that you have it running in the foreground and it is
really running, this is probably not the issue, but it might not hurt
to make sure that when it *isn't* running that there's no
/var/lock/subsys/denyhosts file.

7) Make sure that denyhosts is looking at the right file for 
problems and that the failures are written in some standard way to the 
log file it looks at.  Do you have ssh set up to log failures to a file
other than /var/log/messages?  Make sure that denyhosts knows where to
look.

8) Finally, you can increase the log level of denyhosts, either by
running it with --verbose or --debug options. That might tell you what
is going wrong.


HTH

billo
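
A small checker for the items in the list above, added here as an example; it is not part of the original message and not DenyHosts code. It assumes the `KEY = VALUE` layout of /etc/denyhosts.conf and the key names DENY_THRESHOLD_INVALID, DENY_THRESHOLD_VALID and LOCK_FILE from the stock config file; the function names and the sample config are constructed for illustration.

```python
import os

# Keys from the checklist above; threshold/lock names as in the stock denyhosts.conf.
PATH_KEYS = ("SECURE_LOG", "HOSTS_DENY", "WORK_DIR")
THRESHOLD_KEYS = ("DENY_THRESHOLD_INVALID", "DENY_THRESHOLD_VALID")
SAMPLE = """\
# constructed sample config, not taken from a real host
SECURE_LOG = /var/log/secure
HOSTS_DENY = /etc/hosts.deny
BLOCK_SERVICE = ALL
DENY_THRESHOLD_INVALID = 5
DENY_THRESHOLD_VALID = 0
WORK_DIR = /var/lib/denyhosts
LOCK_FILE = /var/lock/subsys/denyhosts
"""

def parse_conf(text):
    """Parse KEY = VALUE lines, ignoring blank lines and # comments."""
    conf = {}
    for line in map(str.strip, text.splitlines()):
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            conf[key.strip()] = value.strip()
    return conf

def audit(conf, exists=os.path.exists, readable=os.access, daemon_running=False):
    """Return a list of problems; exists/readable are injectable for testing."""
    problems = []
    for key in PATH_KEYS:
        path = conf.get(key)
        if not path:
            problems.append(f"{key} is not set")
        elif not exists(path):
            problems.append(f"{key} points at missing path {path}")
        elif key == "SECURE_LOG" and not readable(path, os.R_OK):
            problems.append(f"{key} {path} is not readable (run as root?)")
    if not conf.get("BLOCK_SERVICE"):
        problems.append("BLOCK_SERVICE is not set")
    for key in THRESHOLD_KEYS:
        value = conf.get(key, "")
        if not value.isdigit() or int(value) < 1:
            problems.append(f"{key} is not a positive integer: {value!r}")
    lock = conf.get("LOCK_FILE")
    if lock and exists(lock) and not daemon_running:
        problems.append(f"stale lock file {lock}")
    return problems

if __name__ == "__main__":
    print("\n".join(audit(parse_conf(SAMPLE))))
```

To check a real host, pass the contents of /etc/denyhosts.conf to `parse_conf` instead of `SAMPLE` and run the script as the same user that starts denyhosts.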





