To remove a host that denyhosts has banned
Denyhosts is a utility that automatically bans IPs who attempt to ssh in to your server and get three wrong passwords. This is great when people are dictionary-attacking your SSH server, but less good when you have actual users who might get their password wrong.
The FAQ for denyhosts says how to fix this if it happens and your users are banned, but it’s a bit faffy, so I’m putting my script here. It works for me, it may screw your life up. Backups are your friend.
#/bin/sh
REMOVE=$1
/etc/init.d/denyhosts stop
cd /var/lib/denyhosts
for THISFILE in hosts hosts-restricted hosts-root hosts-valid users-hosts;
do
mv $THISFILE /tmp/;
cat /tmp/$THISFILE | grep -v $REMOVE > $THISFILE;
rm /tmp/$THISFILE;
done;
mv /etc/hosts.deny /tmp/
cat /tmp/hosts.deny | grep -v $REMOVE > /etc/hosts.deny;
rm /tmp/hosts.deny
/etc/init.d/denyhosts start
Needs to run as root or someone with access to all denyhost’s files (plus hosts.deny).
May 13, 2009 - 8:29 PM
David McBride
May 14, 2009 | 9:39 AMI use this:
http://dwm.me.uk/articles/2008/mitigating-ssh-attacks
It works, and doesn’t require any maintenance.
Velimir Kalik
May 20, 2009 | 7:55 AMHi,
thanks for a great script! This is the version of your script if you install DenyHosts from source (for instance on Slackware :)).
I hope it helps someone :)
#/bin/sh
REMOVE=$1
/usr/share/denyhosts/daemon-control stop
cd /usr/share/denyhosts/data
for THISFILE in hosts hosts-restricted hosts-root hosts-valid users-hosts;
do
mv $THISFILE /tmp;
cat /tmp/$THISFILE | grep -v $REMOVE > $THISFILE;
rm /tmp/$THISFILE;
done;
mv /etc/hosts.deny /tmp/
cat /tmp/hosts.deny | grep -v $REMOVE > /etc/hosts.deny;
rm /tmp/hosts.deny
/usr/share/denyhosts/daemon-control start
Michael
July 6, 2009 | 7:26 AMWorks like a charm, Although I added users-valid to the list.
Thanks Alot!!