Install DenyHosts on Ubuntu

28/12/2020

Install and Configure DenyHosts on Ubuntu

DenyHosts is a Python script that allows or denies access to an SSH server using the /etc/hosts.allow and /etc/hosts.deny files of Linux, Mac or BSD based operating systems.

In this article, I will show you how to install DenyHosts on Ubuntu and how to configure it. Let’s get started.

Installing DenyHosts

To get DenyHosts to work, you must have an SSH server installed on your Ubuntu machine. The SSH server is available in the official package repository of Ubuntu.

First, update the package repository cache using the following command:

$ sudo apt-get update

To install the SSH server, run the following command:

$ sudo apt-get install openssh-server -y

DenyHosts is available on the official Ubuntu package repository as well. To install DenyHosts, run the following command.

$ sudo apt-get install denyhosts

Press ‘y’ and then press <Enter> to continue.

DenyHosts should be installed.

Configuring DenyHosts

The configuration file of DenyHosts on Ubuntu is /etc/denyhosts.conf.

To edit the configuration file of DenyHosts, run the following command:

$ sudo nano /etc/denyhosts.conf

Or

$ sudo vim /etc/denyhosts.conf

This is what the configuration file of DenyHosts looks like.

Now let’s look at some of the properties in the DenyHosts configuration file and how they work.

DENY_THRESHOLD_INVALID

This option controls blocking of SSH logins for user accounts that do not exist on the system. The default value is 5. Suppose someone tries to log in to the SSH server with a series of guessed usernames. If the attempts total more than 5, the IP address of the computer trying to connect is appended to the /etc/hosts.deny file, and that computer won’t be able to connect to the SSH server until the address is removed from /etc/hosts.deny.

The IP address of my denyhosts-server is 192.168.10.66.

The IP address of the other computer, from which I will try to connect to the denyhosts-server, is 192.168.10.92.

Now I am going to try to connect to the server as baduser. Note that the user baduser does not exist on the denyhosts-server.

$ ssh baduser@192.168.10.66

I tried to log in 3 times, and each attempt failed.

I tried several more times. On the 6th attempt, I got the ‘Connection closed by remote host’ message. It means my IP address has been blocked by DenyHosts.

Now read the contents of the /etc/hosts.deny file with the following command:

$ sudo cat /etc/hosts.deny

You should see there the IP address of the computer from which you tried to log in as the non-existent user baduser. So DenyHosts is working as expected.

DENY_THRESHOLD_VALID

This option works the same way as DENY_THRESHOLD_INVALID. The only difference is that DENY_THRESHOLD_VALID applies to existing users on the denyhosts-server machine. That is, if login attempts for existing users fail 10 times (the default value), the IP address of the machine trying to connect will be appended to the /etc/hosts.deny file, so that machine won’t be allowed to connect to the server anymore.

DENY_THRESHOLD_ROOT

Same as the other two options, but it applies only to failed root logins. The default value is 1. That means if someone tries to connect to the denyhosts-server as root and fails once, their IP address will be appended to the /etc/hosts.deny file, so they won’t be able to connect to the server anymore.
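
An added example, not DenyHosts' own code, showing how the three thresholds above apply to different kinds of failed login: this Python sketch tallies sshd "Failed password" lines per source address and account class, then lists the addresses that go over a limit. It assumes a host is denied once its count exceeds the threshold, as in the "more than 5 times" description above; the log lines, the user alice and every address except 192.168.10.92 are constructed.

```python
import re
from collections import Counter

# Default thresholds as given in the article for /etc/denyhosts.conf.
THRESHOLDS = {"invalid": 5, "valid": 10, "root": 1}

# sshd "Failed password" line. Anchored at the end of the line so the address
# taken is the one sshd wrote last, not text that appears inside the username.
FAILED = re.compile(
    r"Failed password for (?P<invalid>invalid user )?(?P<user>.+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2\s*$"
)

def classify(match):
    """Map one failed login to the threshold class it counts against."""
    if match.group("invalid"):
        return "invalid"
    return "root" if match.group("user") == "root" else "valid"

def tally(lines):
    """Count failed logins per (source IP, class)."""
    counts = Counter()
    for line in lines:
        m = FAILED.search(line)
        if m:
            counts[(m.group("ip"), classify(m))] += 1
    return counts

def hosts_to_deny(lines, thresholds=THRESHOLDS):
    """Return {ip: [classes whose threshold was exceeded]}."""
    denied = {}
    for (ip, cls), n in sorted(tally(lines).items()):
        if n > thresholds[cls]:  # assumption: deny once the count exceeds the limit
            denied.setdefault(ip, []).append(cls)
    return denied

def sample_log():
    """Constructed auth.log lines; only 192.168.10.92 comes from the article."""
    pre = "Dec 28 10:00:00 denyhosts-server sshd[1234]: "
    fail = pre + "Failed password for {} from {} port 50000 ssh2"
    return (
        [fail.format("invalid user baduser", "192.168.10.92")] * 6
        + [fail.format("invalid user guest", "192.168.10.93")] * 5
        + [fail.format("alice", "192.168.10.93")] * 3
        + [fail.format("root", "192.168.10.94")] * 2
        + [pre + "Accepted password for alice from 192.168.10.95 port 50000 ssh2"]
    )

if __name__ == "__main__":
    for ip, classes in hosts_to_deny(sample_log()).items():
        print(ip, "exceeded:", ", ".join(classes))
```

To check a real host against its current settings, pass the lines of /var/log/auth.log to hosts_to_deny() along with the thresholds from your own /etc/denyhosts.conf.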

HOSTNAME_LOOKUP

By default, on Ubuntu, DenyHosts won’t resolve hostnames. That is, the IP addresses won’t be converted to hostnames. If you need IP addresses resolved to hostnames, set HOSTNAME_LOOKUP to YES and save the file.

AGE_RESET_VALID

AGE_RESET_VALID tells DenyHosts how long to wait before the failed login count for an existing user is reset to 0. The default value is 5 days. That is, if someone tries to log in on day 1, then waits 5 days and tries to log in again, DenyHosts won’t put them in the /etc/hosts.deny file.

AGE_RESET_ROOT

Same as AGE_RESET_VALID but only applies to invalid root logins. The default value is 25 days.

AGE_RESET_INVALID

Same as AGE_RESET_VALID, but applies to only failed login attempts of non-existing users of the denyhosts-server machine.

There are more options, but they are outside the scope of this article. Please take a look at the official website of DenyHosts at http://denyhosts.sourceforge.net for more information.

That’s how you install and configure DenyHosts on Ubuntu. Thanks for reading this article.
