Difference between revisions of "Denyhosts"

From Nuclear Physics Group Documentation Pages
Jump to navigationJump to search
Line 15: Line 15:
  
 
== Faulty Denials ==
 
== Faulty Denials ==
If you get denied because you're fat-fingered or your automatic ssh login is configured wrong, you'll need to be removed from the denial list. First, shut down the denyhosts daemon via /etc/init.d/denyhosts stop. If the server is RHEL5, remove the entry for your computer from /etc/hosts.deny and /var/lib/denyhosts/hosts-restricted. If the server is CentOS5, remove the entry for your computer from /etc/hosts.deny and /usr/share/denyhosts/data/hosts-restricted.
+
If you get denied because you're fat-fingered or your automatic ssh login is configured wrong, you'll need to be removed from the denial list. Thankfully, we have a script at '/usr/local/bin/denyhosts-undeny.py' on all the machines running denyhosts. Just specify the host to undeny as the only argument, and it'll clean it all up for you. Currently, it only works on CentOS and RedHat, but it should be simple to add functionality for other distros.
 
 
UNCERTAIN:
 
You may also need to remove entries from /var/lib/denyhosts/sync-hosts.
 

Revision as of 20:24, 21 October 2009

Intro

We run a python script called "denyhosts.py" on our servers. This script looks at failed login attempts and if there are too many will deny all further access from that system.

Quick Install

The RPM is located at: einstein:/root/Packages/DenyHosts-2.6-python2.4.noarch.rpm

  1. Copy from einstein the /etc/denyhosts.conf file.
  2. Copy from einstein the /etc/sysconfig/denyhosts file.
  3. Copy from einstein the /usr/bin/denyhosts-control file.
  4. Copy from einstein the /etc/init.d/denyhosts file.
  5. Execute "chkconfig --add denyhosts; chkconfig --level 345 denyhosts on
  6. Start it up: service denyhosts start

Faulty Denials

If you get denied because you're fat-fingered or your automatic ssh login is configured wrong, you'll need to be removed from the denial list. Thankfully, we have a script at '/usr/local/bin/denyhosts-undeny.py' on all the machines running denyhosts. Just specify the host to undeny as the only argument, and it'll clean it all up for you. Currently, it only works on CentOS and RedHat, but it should be simple to add functionality for other distros.