Jump to content

Limit Ssh Attempts On Your Box With Denyhosts

Mike Gibbs

Recommended Posts

If your *nix box has a public IP address then chances are that it will have many ssh login attempts. You can easily limit the chances of someone guessing the correct password by installing Denyhosts.

The program denyhosts keeps track of how many attempts are made and if a configurable amount have failed for a certain IP address then it is automatically blacklisted.

Installing DenyHosts on CentOS or Redhat

Install the EPEL repository and YUM priorities

# rpm -Uvh http://download.fedora.redhat.com/pub/epel/5/i386/epel-release-5-4.noarch.rpm

# yum install yum-priorities

Now install Denyhosts

# yum install denyhosts

Finally add it to start-up and initiate the process.

# chkconfig denyhosts on

# service denyhosts start

Any configuration can be made by editing the configuration file located at /etc/denyhosts.conf

You can watch the IPs of attackers as they get blacklisted in the file /etc/host.deny

# tail -f -n 50 /etc/hosts.deny

Link to comment
Share on other sites

Blocking an IP address is certainly an effective way, but not an easy way to manage.

You could minimize the attack attempts, by changing the default port or implementing port knocking which will be a lot more effective at stopping a script kiddie or a bot.

Also for authentication, I would implement a 2 authentication using certificates, rather than using passwords.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...