tags: howtoforge

DenyHosts for brute force SSH login attacks

I’m using a few hosts for my joy. I can also log into these hosts from outside of my home via Internet. This is very useful ! I only uses SSH for my safety and other port have been closed, so many of threat is shut out. But many brute-force attackers try to log into my server via SSH day by day. This useless trial is very noisy. Many of them feels so same like me. So, let me write about denyhosts. HowToForge writes good article. I’ve referred this article. I’m using Scientific Linux 6.0 (x86_64). So first, I enabled epel repository. Please refer this wiki page how to enable epel repository. This article also works with Scientific Linux. and, install denyhosts. # yum install denyhosts Default configuration file (/etc/denyhosts.conf) is suit for SSH limitation. If you only want to limit SSH login trial, leave it default. finally, enable denyhosts and start it. # chkconfig denyhosts on # service denyhosts start That’s it. If your server experienced brute force attack, you’ll got mail like this. From: DenyHosts nobody@loginserver.myhome To: root@loginserver.myhome Subject: DenyHosts Report from loginserver.myhome Date: Mon, 30 May 2011 21:15:43 +0900 Added the following hosts to /etc/hosts.deny: xxx.xxx.xxx.xxx (unluckyserver.domainname) ———————————————————————-