Page 1 of 2 12 LastLast
Results 1 to 10 of 11

Thread: HOWTO: Using denyhosts.py to automatically block invalid SSH login attempts

  1. #1
    Join Date
    Nov 2004
    Location
    Las Vegas
    Beans
    329
    Distro
    Ubuntu 6.06

    HOWTO: Using denyhosts.py to automatically block invalid SSH login attempts

    Ok, so someone out there if trying to connect to your machine through SSH (brute force against common login names like "john, owen, claire, etc"). Not sure people are trying to get into your machine? Why don't you check?:
    echo `cat /var/log/auth.log|grep sshd|grep "Invalid user"|wc -l` invalid SSH login attempts

    Your password is secure right? They don't guess your username, right? Well, it doesn't hurt to block them anyway, and now it's easy thanks to denyhosts.py!

    Here's a quick overview of how to get to my setup:
    1. Download denyhosts-0.6.0.tar.gz from http://sourceforge.net/project/showf...roup_id=131204
    2. Extract downloaded file using file-roller or tar -xzvf denyhosts-0.6.0.tar.gz
    3. Copy denyhosts.py to /usr/bin
      sudo cp denyhosts.py /usr/bin
      and sudo chmod 755 /usr/bin/denyhosts.py
    4. denyhosts.cfg-dist is the default config, you can use mine below for some decent default options, put this in /etc/denyhosts.cfg
      Code:
      # SECURE_LOG: the log file that contains sshd logging info
      SECURE_LOG = /var/log/auth.log
      
      # HOSTS_DENY: the file which contains restricted host access information
      HOSTS_DENY = /etc/hosts.deny
      
      # BLOCK_SERVICE: the service name that should be blocked in HOSTS_DENY
      # man 5 host_access for details
      #
      BLOCK_SERVICE = ALL
      # To block only sshd:
      #BLOCK_SERVICE  = sshd   
      
      # DENY_THRESHOLD: block each host after the number of failed login
      # attempts has exceeded this value.
      DENY_THRESHOLD = 5
      
      # WORK_DIR: the path that DenyHosts will use for writing data to
      # (it will be created if it does not already exist).       
      WORK_DIR = denyhosts
      
      # SUSPICIOUS_LOGIN_REPORT_ALLOWED_HOSTS=YES|NO
      # If set to YES, if a suspicious login attempt results from an allowed-host
      # then it is considered suspicious.  If this is NO, then suspicious logins 
      # from allowed-hosts will not be reported.  All suspicious logins from 
      # ip addresses that are not in allowed-hosts will always be reported.
      SUSPICIOUS_LOGIN_REPORT_ALLOWED_HOSTS=NO
      
      # HOSTNAME_LOOKUP=YES|NO
      # If set to YES, for each IP address that is reported by Denyhosts,
      # the corresponding hostname will be looked up and reported as well
      # (if available).
      HOSTNAME_LOOKUP=YES
      
      # ADMIN_EMAIL: if you would like to receive emails regarding newly
      # restricted hosts and suspicious logins, set this address to 
      # match your email address.  If you do not want to receive these reports
      # leave this field blank (or run with the --noemail option)
      ADMIN_EMAIL = root
      
      SMTP_HOST = localhost
      SMTP_PORT = 25
      SMTP_FROM = DenyHosts@localhost.localdomain
      SMTP_SUBJECT = DenyHosts Report
    5. Let's test it: sudo denyhosts.py -c /etc/denyhosts.cfg
    6. Now we add it to root's crontab to run periodically:
      export EDITOR=nano (Optional, some systems open vi, pico's a little simpler)
      sudo crontab -e
      Code:
      0,20,40 * * * * /usr/bin/denyhosts.py -c /etc/denyhosts.cfg


    This howto was inspired by http://rootprompt.org/article.php3?article=8735

    Be forwarned, if you mistype your password too many times, you could lock one of your own computers out

    It wouldn't hurt to look over the FAQ for denyhosts.py either: http://denyhosts.sourceforge.net/faq.html
    Computer science has as much to do with computers as astronomy has to do with telescopes.
    - Edsger Wybe Dijkstra


    Intangible's Desktop

  2. #2
    Join Date
    Apr 2005
    Beans
    104
    Distro
    Ubuntu 12.10 Quantal Quetzal

    Re: HOWTO: Using denyhosts.py to automatically block invalid SSH login attempts

    DenyHosts version 1.1.3 allows you to run daemon rather than cron using the --daemon flag.

    M

  3. #3
    Join Date
    Oct 2005
    Beans
    46

    Re: HOWTO: Using denyhosts.py to automatically block invalid SSH login attempts

    1.1.4 is out now. Anyone get it to work? Ive been trying all morning.
    Seems like a cool concept.
    Laterz

  4. #4
    Join Date
    Oct 2005
    Beans
    46

    Re: HOWTO: Using denyhosts.py to automatically block invalid SSH login attempts

    Got it working. Definately use the tar. The directory you put your config file in is the one you have to have the extra scripts in. Then you can add the daemon control to init.d and set your links in runlevels. Dont forget to edit your config before launching. Thanks for the howto.
    Laterz

  5. #5
    Join Date
    Dec 2005
    Location
    Acireale (Sicily)
    Beans
    61
    Distro
    Ubuntu 9.04 Jaunty Jackalope

    Re: HOWTO: Using denyhosts.py to automatically block invalid SSH login attempts

    How do I know if some a55h013 has found my password by brute force?

  6. #6
    Join Date
    Nov 2005
    Beans
    47

    problem

    i followed this HOWTO
    and received this error

    user@foxhole:~/DenyHosts-1.1.4$ sudo denyhosts.py -c /etc/denyhosts.cfg
    Traceback (most recent call last):
    File "/usr/bin/denyhosts.py", line 5, in ?
    import DenyHosts.python_version
    ImportError: No module named DenyHosts.python_version

    any know whats going on ?
    thanks

  7. #7
    Join Date
    Jan 2006
    Beans
    182
    Distro
    Ubuntu Karmic Koala (testing)

    Re: HOWTO: Using denyhosts.py to automatically block invalid SSH login attempts

    d
    Last edited by DigitalDuality; July 6th, 2009 at 08:44 PM.

  8. #8
    Join Date
    Aug 2007
    Location
    Sweden
    Beans
    60
    Distro
    Xubuntu 11.10 Oneiric Ocelot

    Re: HOWTO: Using denyhosts.py to automatically block invalid SSH login attempts

    Only step missing in the howto to make it current is the...

    Code:
    sudo python setup.py install
    ...needed to get the stuff in place. Besides that, it works. Thanks for the tip

  9. #9
    Join Date
    Nov 2008
    Location
    Sheffield, UK
    Beans
    1,516
    Distro
    Ubuntu

    Re: HOWTO: Using denyhosts.py to automatically block invalid SSH login attempts

    this is really old.

    now you just

    Code:
    sudo apt-get install denyhosts

  10. #10
    Join Date
    Aug 2012
    Beans
    59

    Re: HOWTO: Using denyhosts.py to automatically block invalid SSH login attempts

    Quote Originally Posted by SlugSlug View Post
    this is really old.

    now you just

    Code:
    sudo apt-get install denyhosts
    thanks for the update

Page 1 of 2 12 LastLast

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •