To remove a host that denyhosts has banned
Denyhosts is a utility that automatically bans IPs who attempt to ssh in to your server and get three wrong passwords. This is great when people are dictionary-attacking your SSH server, but less good when you have actual users who might get their password wrong.
The FAQ for denyhosts says how to fix this if it happens and your users are banned, but it’s a bit faffy, so I’m putting my script here. It works for me, it may screw your life up. Backups are your friend.
#/bin/sh
REMOVE=$1
/etc/init.d/denyhosts stop
cd /var/lib/denyhosts
for THISFILE in hosts hosts-restricted hosts-root hosts-valid users-hosts;
do
mv $THISFILE /tmp/;
cat /tmp/$THISFILE | grep -v $REMOVE > $THISFILE;
rm /tmp/$THISFILE;
done;
mv /etc/hosts.deny /tmp/
cat /tmp/hosts.deny | grep -v $REMOVE > /etc/hosts.deny;
rm /tmp/hosts.deny
/etc/init.d/denyhosts start
Needs to run as root or someone with access to all denyhost’s files (plus hosts.deny).
09:39 on May 14th, 2009
I use this:
http://dwm.me.uk/articles/2008/mitigating-ssh-attacks
It works, and doesn’t require any maintenance.
07:55 on May 20th, 2009
Hi,
thanks for a great script! This is the version of your script if you install DenyHosts from source (for instance on Slackware :)).
I hope it helps someone :)
#/bin/sh
REMOVE=$1
/usr/share/denyhosts/daemon-control stop
cd /usr/share/denyhosts/data
for THISFILE in hosts hosts-restricted hosts-root hosts-valid users-hosts;
do
mv $THISFILE /tmp;
cat /tmp/$THISFILE | grep -v $REMOVE > $THISFILE;
rm /tmp/$THISFILE;
done;
mv /etc/hosts.deny /tmp/
cat /tmp/hosts.deny | grep -v $REMOVE > /etc/hosts.deny;
rm /tmp/hosts.deny
/usr/share/denyhosts/daemon-control start
07:26 on July 6th, 2009
Works like a charm, Although I added users-valid to the list.
Thanks Alot!!
12:36 on May 10th, 2010
Thanks for this great Script!