Denyhosts is a utility that automatically bans IPs who attempt to ssh in to your server and get three wrong passwords. This is great when people are dictionary-attacking your SSH server, but less good when you have actual users who might get their password wrong.
The FAQ for denyhosts says how to fix this if it happens and your users are banned, but it’s a bit faffy, so I’m putting my script here. It works for me, it may screw your life up. Backups are your friend.
#/bin/sh REMOVE=$1 /etc/init.d/denyhosts stop cd /var/lib/denyhosts for THISFILE in hosts hosts-restricted hosts-root hosts-valid users-hosts; do mv $THISFILE /tmp/; cat /tmp/$THISFILE | grep -v $REMOVE > $THISFILE; rm /tmp/$THISFILE; done; mv /etc/hosts.deny /tmp/ cat /tmp/hosts.deny | grep -v $REMOVE > /etc/hosts.deny; rm /tmp/hosts.deny /etc/init.d/denyhosts start
Needs to run as root or someone with access to all denyhost’s files (plus hosts.deny).
2015 Addition:
As time has moved on, service management’s changed a bit. For Debian derived distros (ubuntu, probably mint?) you’ll need to change the /etc/init.d/denyhost lines with “service denyhosts stop” etc. Slackware uses “/usr/share/denyhosts/daemon-control”. Look it up for your own system, everything else should be fine, still. Thanks to Bill B and Velimir Kalik in the comments.
I use this:
http://dwm.me.uk/articles/2008/mitigating-ssh-attacks
It works, and doesn’t require any maintenance.
Hi,
thanks for a great script! This is the version of your script if you install DenyHosts from source (for instance on Slackware :)).
I hope it helps someone 🙂
#/bin/sh
REMOVE=$1
/usr/share/denyhosts/daemon-control stop
cd /usr/share/denyhosts/data
for THISFILE in hosts hosts-restricted hosts-root hosts-valid users-hosts;
do
mv $THISFILE /tmp;
cat /tmp/$THISFILE | grep -v $REMOVE > $THISFILE;
rm /tmp/$THISFILE;
done;
mv /etc/hosts.deny /tmp/
cat /tmp/hosts.deny | grep -v $REMOVE > /etc/hosts.deny;
rm /tmp/hosts.deny
/usr/share/denyhosts/daemon-control start
Works like a charm, Although I added users-valid to the list.
Thanks Alot!!
Thanks for this great Script!
Script works well as of 2015, Denyhosts version 2.6. Thanks!
Had to replace /etc/init.d/denyhosts stop (start) with service denyhosts stop (start) on CentOS.
Bill B: I’m moderately surprised a 6 year old script only needs that level of change, but thanks, I’ve added that to the original article
Hi there,
I wanted to share a slighly different method:
first stop service
sudo service denyhosts stop
then add the host to allow list
sudo vi /etc/hosts.allow
with “ALL: yourip or yourhostname”
then remove the host from the deny list
sudo vi /etc/hosts.deny
then restart serviec
sudo service denyhosts start &
Kindly