Protecting a Server from SSH Dictionary Attacks
If you are running a Linux VPS, you'll notice that bots try to gain illegitimate access to your server through SSH. While this unsettles a lot of people, there's really nothing to worry about as long as you don't permit root logins (many Linux distributions allow direct root login via SSH by default) and have a strong password policy.
DenyHosts monitors the authentication log for recent failed login attempts. It records information about their originating IP addresses and compares the number of invalid attempts to a user-specified threshold. If there have been too many invalid attempts it assumes a dictionary attack is occurring and prevents the IP address from making any further attempts by adding it to
on the server.
DenyHosts 2.0 and later supports centralized synchronization, so that repeated offenders are blocked from many computers. Denyhosts.net gathers statistical information from machines that are running the software.
DenyHosts may be run manually, as a daemon, or as a Cron job.
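The threshold check described above, sketched as an added example (not DenyHosts's own code and not part of the original page): it counts failed sshd password attempts per source address in constructed log lines and formats the offenders as TCP Wrappers entries. The log format, the function names and the allowlist parameter are assumptions.

```python
import re
from collections import Counter

# Constructed sample lines in the usual OpenSSH syslog format (not from a real host).
SAMPLE_LOG = """\
Mar  3 10:01:11 vps sshd[811]: Failed password for invalid user admin from 203.0.113.7 port 40112 ssh2
Mar  3 10:01:13 vps sshd[811]: Failed password for root from 203.0.113.7 port 40114 ssh2
Mar  3 10:01:15 vps sshd[812]: Failed password for invalid user test from 203.0.113.7 port 40120 ssh2
Mar  3 10:02:40 vps sshd[820]: Failed password for alice from 198.51.100.23 port 51544 ssh2
Mar  3 10:02:52 vps sshd[820]: Accepted password for alice from 198.51.100.23 port 51544 ssh2
"""

# The user name is text supplied by the remote client, so the address is taken
# from the fixed tail that sshd itself writes at the end of the line.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>.*) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+(?: ssh2)?\s*$"
)

def count_failures(log_text):
    """Return a Counter of failed password attempts per source IP."""
    hits = Counter()
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            hits[m.group("ip")] += 1
    return hits

def hosts_to_deny(log_text, threshold, allowlist=()):
    """IPs whose failure count reaches the threshold, minus allowlisted ones."""
    counts = count_failures(log_text)
    return sorted(ip for ip, n in counts.items()
                  if n >= threshold and ip not in allowlist)

def deny_lines(ips, service="sshd"):
    """Format entries in TCP Wrappers 'daemon: client' syntax."""
    return [f"{service}: {ip}" for ip in ips]

if __name__ == "__main__":
    for line in deny_lines(hosts_to_deny(SAMPLE_LOG, threshold=3)):
        print(line)
```

The allowlist keeps your own management address from being blocked after a few mistyped passwords.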
Installing DenyHosts on a FreeBSD VPS server
1. In order to install DenyHosts run the command as root:
# cd /usr/ports/security/denyhosts && make install clean
2. Open /etc/rc.conf to add the lines
3. Edit /etc/hosts.allow and add the lines
sshd : /etc/hosts.deniedssh : deny
sshd : ALL : allow
4. Make sure that the hosts.deniedssh file exists and has correct permissions:
chmod 644 /etc/hosts.deniedssh
chown root:wheel /etc/hosts.deniedssh
5. Start DenyHosts:
# /usr/local/etc/rc.d/denyhosts start
Installing DenyHosts on Debian VPS
1. cd /tmp
2. Download the archive
3. Unpack tarball using the command
tar -xzf DenyHosts-2.6.tar.gz
4. Enter the root directory
python setup.py install
6. Create the /usr/share/denyhosts/denyhosts.cfg configuration file. We can use the sample configuration file /usr/share/denyhosts/denyhosts.cfg-dist:
cp denyhosts.cfg-dist denyhosts.cfg
Edit denyhosts.cfg with your favourite editor, such as vi.
7. If you want to run DenyHosts as a daemon, you will need the daemon control script /usr/share/denyhosts/daemon-control. You can use the sample script /usr/share/denyhosts/daemon-control-dist to create the file:
cp daemon-control-dist daemon-control
8. Edit /usr/share/denyhosts/daemon-control and make sure you set the correct values for DENYHOSTS_BIN, DENYHOSTS_LOCK, and DENYHOSTS_CFG. For Debian:
DENYHOSTS_BIN = "/usr/bin/denyhosts.py"
DENYHOSTS_LOCK = "/var/run/denyhosts.pid"
DENYHOSTS_CFG = "/usr/share/denyhosts/denyhosts.cfg"
9. Make this file executable:
chown root daemon-control
chmod 700 daemon-control
Create the system bootup links to start DenyHosts automatically when the system is booted:
ln -s /usr/share/denyhosts/daemon-control /etc/init.d/denyhosts
update-rc.d denyhosts defaults
10. Start DenyHosts: