DenyHosts

From Wikipedia, the free encyclopedia

DenyHosts is a Python based security tool for SSH servers. It is intended to prevent brute force attacks on SSH servers by monitoring invalid login attempts in the authentication log and blocking the originating IP addresses. Denyhosts is developed by Phil Schwartz the developer of several other popular open source tools such as Kodos and ReleaseForge.

Fail2ban is a similar program that prevents SSH brute force attacks.

[edit] Operation

When run as a cron job, DenyHosts checks the end of the authentication log for recent failed login attempts. It records information about their originating IP addresses and compares the number of invalid attempts to a user-specified threshold. If there have been too many invalid attempts it assumes a dictionary attack is occurring and prevents the IP address from making any further attempts by adding it to /etc/hosts.deny on the server. DenyHosts 2.0 and above support centralized synchronization, so that repeat offenders are blocked from many computers.

Additionally, DenyHosts provides a daemon mode running from /etc/init.d or equivalent on unix-like operating systems.

[edit] See also

• TCP Wrappers
• OpenSSH
• lsh
• BlockHosts

[edit] External links

• DenyHosts website
• DenyHosts statistics and centrally blocked hosts
• The homepage of Phil Schwartz
• ReleaseForge is a GUI for SourceForge project administrators
• Kodos is a Regular Expression debugger
• Fail2ban website