Tutorials and How-tos/Prevent SSH Attacks with DenyHosts

From BubbaWiki
Jump to: navigation, search

Using SSH, you can manage your server from anywhere, but opening a port that accepts SSH connections makes your server an attractive target for all kinds of attacks. This includes brute force dictionary attacks when hackers try to get access to your system by trying different user names and passwords. DenyHosts can help you to deal with this type of attacks. This Python-based tool monitors SSH login actions, and when it detects multiple login failures coming from the same IP address, DenyHosts blocks it by adding the address to the /etc/hosts.deny list. Deploying DenyHosts on a B3 server is as easy as it gets.

Install the denyhosts package using the apt-get install denyhosts command. Once the installation is finished, the script starts automatically. You can also use the following commands to start, stop, and restart the script manually:

 /etc/init.d/denyhosts start
/etc/init.d/denyhosts stop
/etc/init.d/denyhosts restart

That's all there is to it. Once DenyHosts is up and running, it monitors SSH connection attempts, and blocks suspicious IP addresses by adding them to the /etc/hosts.deny file. To remove hosts in the hosts.deny file, run the denyhosts --purge command.