Categories
sysadmin

To remove a host that denyhosts has banned

Denyhosts is a utility that automatically bans IPs who attempt to ssh in to your server and get three wrong passwords. This is great when people are dictionary-attacking your SSH server, but less good when you have actual users who might get their password wrong.

The FAQ for denyhosts says how to fix this if it happens and your users are banned, but it’s a bit faffy, so I’m putting my script here. It works for me, it may screw your life up. Backups are your friend.

#/bin/sh
REMOVE=$1
/etc/init.d/denyhosts stop
cd /var/lib/denyhosts
for THISFILE in hosts hosts-restricted hosts-root hosts-valid users-hosts;
	do
	mv $THISFILE /tmp/;
	cat /tmp/$THISFILE | grep -v $REMOVE > $THISFILE;
	rm /tmp/$THISFILE;
done;
mv /etc/hosts.deny /tmp/
cat /tmp/hosts.deny | grep -v $REMOVE > /etc/hosts.deny;
rm /tmp/hosts.deny
/etc/init.d/denyhosts start

Needs to run as root or someone with access to all denyhost’s files (plus hosts.deny).

2015 Addition:

As time has moved on, service management’s changed a bit. For Debian derived distros (ubuntu, probably mint?) you’ll need to change the /etc/init.d/denyhost lines with “service denyhosts stop” etc. Slackware uses “/usr/share/denyhosts/daemon-control”. Look it up for your own system, everything else should be fine, still. Thanks to Bill B and Velimir Kalik in the comments.

7 replies on “To remove a host that denyhosts has banned”

Hi,

thanks for a great script! This is the version of your script if you install DenyHosts from source (for instance on Slackware :)).

I hope it helps someone đŸ™‚

#/bin/sh
REMOVE=$1

/usr/share/denyhosts/daemon-control stop

cd /usr/share/denyhosts/data
for THISFILE in hosts hosts-restricted hosts-root hosts-valid users-hosts;
do
mv $THISFILE /tmp;
cat /tmp/$THISFILE | grep -v $REMOVE > $THISFILE;
rm /tmp/$THISFILE;
done;

mv /etc/hosts.deny /tmp/
cat /tmp/hosts.deny | grep -v $REMOVE > /etc/hosts.deny;
rm /tmp/hosts.deny

/usr/share/denyhosts/daemon-control start

Script works well as of 2015, Denyhosts version 2.6. Thanks!

Had to replace /etc/init.d/denyhosts stop (start) with service denyhosts stop (start) on CentOS.

Bill B: I’m moderately surprised a 6 year old script only needs that level of change, but thanks, I’ve added that to the original article

Hi there,
I wanted to share a slighly different method:
first stop service
sudo service denyhosts stop
then add the host to allow list
sudo vi /etc/hosts.allow
with “ALL: yourip or yourhostname”
then remove the host from the deny list
sudo vi /etc/hosts.deny
then restart serviec
sudo service denyhosts start &

Kindly

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.