Deny hosts version
submitted by Russell Sun 19 Feb 06
Right now, I'm using DenyHosts-0.8.1.tar.gz on two different Fedora boxes. I see that it has been updated a lot recently. If I have time, I will look into upgrading, but 0.8.1 has been fine for me. It blocks lots of obvious ssh brute force attacks.
I had a problem in the Whitebox build (RHEL sources) where I kept getting locked out because it was too strict (and I guess I can't type my own password consistently :-), so I took the Whitebox ssh port off of the firewall and changed my office config so that I have to ssh into a Fedora box and then to the Whitebox server if I need to get to it. This way, I can mistype the password as much as I want while I am physically in the office.
The other thing you MUST do for security (I forget if this is the default under these systems) is turn off ssh logins to root:
Because lots of the ssh attacks I get are attempts at root logins. The rest are to random usernames, so since root is the only existing username that they seem to try, turning off root logins greatly reduces the chance the attackers could get in.
But I was running Deny hosts 0.8.1 on the Whitebox server. It runs the same as on Fedora; the ssh failures go into /var/log/secure.
I hope this helps,
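The kind of check this post describes, as an added example (not part of the original post and not DenyHosts' own code): it counts failed ssh logins per source address from /var/log/secure-style lines, keeping root, unknown-user and valid-user failures apart. The limits, function names and sample log lines are assumptions constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# The user part is greedy, so the address taken is the last "from ... port"
# on the line (written by sshd), not text smuggled in via the username.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for "
    r"(?P<unknown>(?:invalid|illegal) user )?(?P<user>.*) "
    r"from (?P<ip>\S+) port \d+(?: ssh\d)?$"
)

# Assumed limits for this example: failures tolerated per source address.
THRESHOLDS = {"root": 1, "unknown": 3, "valid": 5}

# Constructed sample in /var/log/secure style (documentation addresses).
SAMPLE_LOG = """\
Feb 19 03:12:01 fedora1 sshd[2101]: Failed password for root from 203.0.113.5 port 40112 ssh2
Feb 19 03:12:04 fedora1 sshd[2103]: Failed password for root from 203.0.113.5 port 40120 ssh2
Feb 19 03:15:10 fedora1 sshd[2110]: Failed password for invalid user admin from 198.51.100.7 port 51001 ssh2
Feb 19 03:15:12 fedora1 sshd[2112]: Failed password for invalid user test from 198.51.100.7 port 51004 ssh2
Feb 19 03:15:14 fedora1 sshd[2114]: Failed password for illegal user oracle from 198.51.100.7 port 51009 ssh2
Feb 19 03:15:16 fedora1 sshd[2116]: Failed password for invalid user guest from 198.51.100.7 port 51013 ssh2
Feb 19 09:01:30 fedora1 sshd[2301]: Failed password for alice from 192.0.2.10 port 33210 ssh2
Feb 19 09:01:41 fedora1 sshd[2301]: Failed password for alice from 192.0.2.10 port 33210 ssh2
Feb 19 09:01:55 fedora1 sshd[2301]: Accepted password for alice from 192.0.2.10 port 33210 ssh2
"""

def classify(m):
    # Bucket a failure as root, unknown (no such account) or valid.
    if m.group("unknown"):
        return "unknown"
    return "root" if m.group("user") == "root" else "valid"

def hosts_to_deny(log_text, thresholds=THRESHOLDS):
    """Return {ip: [buckets over their limit]} for addresses to block."""
    counts = defaultdict(Counter)
    for line in log_text.splitlines():
        m = FAILED.search(line.rstrip())
        if m:
            counts[m.group("ip")][classify(m)] += 1
    deny = {}
    for ip, per_bucket in counts.items():
        over = sorted(b for b, n in per_bucket.items() if n > thresholds[b])
        if over:
            deny[ip] = over
    return deny

if __name__ == "__main__":
    for ip, buckets in sorted(hosts_to_deny(SAMPLE_LOG).items()):
        print(f"{ip}: over limit for {', '.join(buckets)}")
```

With the valid-user limit lowered to 1, the third address (two mistyped passwords before a successful login) is flagged as well, which is the lockout case described in the post.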