I’ve been looking for a way to prevent SSH brute-force attacks. Although they are not particularly dangerous if you have prohibited password login (which you should have done under any circumstances), they had been spamming my log files. Asking the almighty search engine for relief, I found a number of interesting articles about attack blockers, such as DenyHosts.
I’ve just installed the package on my private OS X server via MacPorts. However, it took me a while until I found the installation location of all required files. After having touched /etc/hosts.deny (the file used by DenyHosts to store suspicious IPs for tcp_wrappers to block them), copied /opt/local/share/denyhosts/denyhosts.cfg-dist to somewhere reasonable (e.g. /etc/denyhosts.cfg), and modified it to my needs (added e-mail etc.), I was able to test-start DenyHosts with:
sudo /opt/local/Library/Frameworks/Python.framework/Versions/2.6/bin/denyhosts.py --config=/etc/denyhosts.cfg
I’ve got a nice email telling me that, deducing from my /var/log/secure.log, some IPs were now added to hosts.deny. Furthermore, some interesting data have been stored in
However, I prefer DenyHosts to be running in daemon mode and to synchronize with data collected from the cloud, so I inserted SYNC_SERVER = http://xmlrpc.denyhosts.net:9911 into denyhosts.cfg and started DenyHosts with some additional options:
sudo /opt/local/Library/Frameworks/Python.framework/Versions/2.6/bin/denyhosts.py --config=/etc/denyhosts.cfg --sync --daemon
And now I feel much more comfortable.
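The step from failed logins in the sshd log to entries in hosts.deny can be sketched as below. This is an added example, not DenyHosts' own code and not part of the original post; the log lines are constructed, and the function names, the threshold of 3 and the allow list are assumptions made for illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines in OpenSSH's syslog format (not from a real log).
SAMPLE_LOG = """\
Mar  3 10:12:01 host sshd[411]: Failed password for invalid user admin from 203.0.113.5 port 4242 ssh2
Mar  3 10:12:03 host sshd[411]: Failed password for root from 203.0.113.5 port 4243 ssh2
Mar  3 10:12:05 host sshd[411]: Failed password for invalid user test from 203.0.113.5 port 4244 ssh2
Mar  3 10:13:10 host sshd[415]: Failed password for invalid user x from 192.0.2.10 from 198.51.100.7 port 5000 ssh2
Mar  3 10:14:00 host sshd[420]: Accepted publickey for alice from 192.0.2.10 port 6000 ssh2
Mar  3 10:15:00 host sshd[421]: Failed password for bob from 192.0.2.10 port 6001 ssh2
"""

# The user name is text chosen by the remote client, so take the address from
# the fixed tail of the line: greedy (.*) leaves only the last " from <addr>".
FAILED = re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?(.*) "
                    r"from (\S+) port \d+ ssh2$")

def failed_logins(log_text):
    """Count failed password attempts per syntactically valid source IP."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group(2))
        except ValueError:
            continue  # not an IP literal; never write it to hosts.deny
        counts[str(ip)] += 1
    return counts

def hosts_deny_entries(log_text, threshold=3, allowed=()):
    """Return tcp_wrappers lines for IPs at or above the (assumed) threshold."""
    allow = {str(ipaddress.ip_address(a)) for a in allowed}
    return [f"sshd: {ip}"
            for ip, n in sorted(failed_logins(log_text).items())
            if n >= threshold and ip not in allow]

if __name__ == "__main__":
    print(failed_logins(SAMPLE_LOG))
    print("\n".join(hosts_deny_entries(SAMPLE_LOG)))
```

The fourth sample line carries a user name that itself contains "from 192.0.2.10"; because the pattern is anchored to the end of the line, only the address sshd appended (198.51.100.7) is counted.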
- Preventing SSH Dictionary Attacks With DenyHosts
- Debian Linux Stop SSH User Hacking / Cracking Attacks with DenyHosts Software