DenyHosts is a tool written in Python that monitors connections to an SSH server and blocks clients by IP address after a number of failed attempts.
Installation on Ubuntu server is very simple:
sudo apt-get install denyhosts
Once installed, you must modify the tool's configuration. Edit the /etc/denyhosts.conf file.
Inside the file, you can change a few useful parameters:
- DENY_THRESHOLD_INVALID = 5, sets the number of attempts after which access is blocked.
- ADMIN_EMAIL = root@localhost, is the email address of the server administrator.
- SMTP_HOST = localhost, can be changed to use an SMTP relay (your ISP).
- SMTP_FROM = DenyHosts, is the address shown as the sender of the mail.
- SYSLOG_REPORT=YES, sends DenyHosts messages to the machine's syslog (this option is not enabled by default; uncomment the line in the configuration file to enable it).
Logs and banned servers
Logs are written to the /var/log/denyhosts file.
When DenyHosts blocks a remote machine, it adds a line to the /etc/hosts.deny file containing the IP address of that machine and the services we have chosen to block in the /etc/denyhosts.conf configuration file.
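To check which addresses are currently banned, or whether one of your own admin addresses has been locked out, the "service: address" lines in /etc/hosts.deny can be parsed directly. The script below is an added example, not part of the original page or of DenyHosts itself; the sample file contents are constructed, and the function names are hypothetical.

```python
import ipaddress
from collections import defaultdict

# Constructed sample in the "service: address" form described above.
SAMPLE_HOSTS_DENY = """\
# /etc/hosts.deny (constructed sample)
sshd: 192.0.2.15
sshd: 198.51.100.7
ALL: 203.0.113.44
# comment lines such as this one are ignored
sshd: [2001:db8::5]
"""


def parse_hosts_deny(text):
    """Return {ip address object: set of service names} for literal IP entries."""
    blocked = defaultdict(set)
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        # The first colon separates the service list from the client list.
        services, clients = line.split(":", 1)
        for token in clients.replace(",", " ").split():
            try:
                addr = ipaddress.ip_address(token.strip("[]"))
            except ValueError:
                continue  # hostname or wildcard pattern, not a literal IP
            for service in services.replace(",", " ").split():
                blocked[addr].add(service)
    return dict(blocked)


def is_blocked(blocked, ip, service="sshd"):
    """True if ip is denied for service, either by name or through ALL."""
    services = blocked.get(ipaddress.ip_address(ip), set())
    return service in services or "ALL" in services


if __name__ == "__main__":
    table = parse_hosts_deny(SAMPLE_HOSTS_DENY)
    for addr, services in sorted(table.items(), key=lambda kv: (kv[0].version, kv[0])):
        print(f"{addr}\t{','.join(sorted(services))}")
    # On a live server, read the real file instead of the sample:
    # table = parse_hosts_deny(open("/etc/hosts.deny").read())
```

Only literal IP entries are reported; hostname and wildcard patterns that other tools or administrators may have added to the file are skipped.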