Skip to end of metadata
Go to start of metadata

You can install DenyHosts to help prevent SSH server attacks (also known as dictionary-based or brute-force attacks). DenyHosts runs as a service that watches for multiple failed login attempts from an IP address and then locks out that IP once it reaches the login threshold.

You can sync from public servers that block attacks from known malicious IP addresses.
At a Glance

How to run DenyHosts on a SmartMachine.

To configure DenyHosts for your SmartMachine: 

You can run DenyHosts manually, as a daemon or as a cron job.
  1. SSH into your SmartMachine and run this command:
  2. Open the configuration file for edit:
  3. Locate the following section:
  4. Remove the comment from the first SECURE_LOG line and add a comment to the second SECURE_LOG line:

    This will ensure DenyHosts is looking at the right logfile.

  5. Enable DenyHosts:
  6. Verify DenyHosts is running:

If successful, you should see something similar to this:

This will block any host with failed logins that exceed the thresholds set in the configuration file.

You can modify the configuration file to adjust the default thresholds for various failed logins (invalid user, valid user, root).
Labels:
brute brute Delete
force force Delete
denyhosts denyhosts Delete
dictionary-based dictionary-based Delete
Enter labels to add to this page:
Please wait 
Looking for a label? Just start typing.