Denyhosts is a utility that automatically bans IPs who attempt to ssh in to your server and get three wrong passwords. This is great when people are dictionary-attacking your SSH server, but less good when you have actual users who might get their password wrong.

The FAQ for denyhosts says how to fix this if it happens and your users are banned, but it’s a bit faffy, so I’m putting my script here. It works for me, it may screw your life up. Backups are your friend.

Needs to run as root or someone with access to all denyhost’s files (plus hosts.deny).

2015 Addition:

As time has moved on, service management’s changed a bit. For Debian derived distros (ubuntu, probably mint?) you’ll need to change the /etc/init.d/denyhost lines with “service denyhosts stop” etc. Slackware uses “/usr/share/denyhosts/daemon-control”. Look it up for your own system, everything else should be fine, still. Thanks to Bill B and Velimir Kalik in the comments.