Stop trying to login through my ssh

Yesterday I got to annoyed on all the brute force attacks against my computers ssh-server. I know that I am definitely not alone. To prevent brute force attacks on ssh I installed denyhosts. Denyhosts log all login attempts logged in /var/log/auth.log and blocks IP-addresses that tries to login but fails repeatedly.

To install denyhosts on ubuntu you have to activate universe and then just select the denyhosts package. Then you are ready, the package starts the application automatically. No configuration needed. But, denyhosts have a nice feature that you can upload your blocked IP-addresses to a server on the net and download what addresses other blocks. This feature is not activated by default. To activate it remove the #-char from the line in /etc/denyhosts.conf:
#SYNC_SERVER = http://xmlrpc.denyhosts.net:9911

Then restart the server: sudo /etc/init.d/denyhosts restart

24h later denyhosts block more than 1400 IP-addresses.

Comments

Hans Persson said…
Sounds useful. Now installed.
Anonymous said…
Personally, I use fail2ban instead. It's on a slightly lower level (it uses iptables instead of /etc/hosts.deny), which can be seen as a feature :-).

I don't know if it has any remote IP address fetcher features, though.
Hans Persson said…
For me, ease of installation is a high priority. I especially like things like this when someone else tells me exactly how to install stuff I didn't even know I needed.

Popular posts from this blog

Circles in PostGIS

Create your own CA with TinyCA2 (part 1)

Create your own CA with TinyCA2 (part 2)