Comments on: Denyhosts is a must have if you run secure shell

By: Phil Schwartz

Phil Schwartz — Mon, 20 Feb 2006 22:59:38 +0000

DenyHosts 2.x added synchronization mode such that attacks to your server will (optionally) be uploaded to the central DenyHosts server. Attacks to other servers will (optionally) be downloaded by your DenyHosts instance.
http://www.denyhosts.net/sync.html

Also, DenyHosts can add entries to a file other than /etc/hosts.deny such as /etc/hosts.denyhosts. Such that entries will not conflict with any local rules.
http://www.denyhosts.net/faq.html#aux

Phil

By: Phil Schwartz

Phil Schwartz — Mon, 20 Feb 2006 22:58:30 +0000

DenyHosts 2.x added synchronization mode such that attacke to your server will (optionally) be uploaded to the central DenyHosts server. Attacke to other servers will (optionally) be downloaded by your DenyHosts instance.
http://www.denyhosts.net/sync.html

Also, DenyHosts can add entries to a file other than /etc/hosts.deny such as /etc/hosts.denyhosts. Such that entries will not conflict with any local rules.
http://www.denyhosts.net/faq.html#aux

Phil

By: Big Ray

Big Ray — Wed, 10 Aug 2005 15:28:13 +0000

The only problem I have with DenyHosts is that if you already have a hosts.deny file with items in it, there doesn’t seem to be a way to put the ssh deny rules at the top of the file. If you have rules that contradict the DenyHosts entries they will show up above the DenyHosts stuff and cancel them out.

By: Andrew

Andrew — Wed, 10 Aug 2005 11:58:02 +0000

Sounds like an ugly, pointless hack to me. If they’re not getting in, what’s the problem? There’s only 1 attempt every 5-10 seconds. It would take them an eternity to guess anything.