
denyhosts + tcp wrappers?



Hello,

Has anyone installed and configured DenyHosts (http://denyhosts.sourceforge.net) so that it uses tcp wrappers on debian? I've read this blog: http://tdot.blog-city.com/securing_ssh_with_denyhosts.htm but there are differences in the files/paths used on debian and what the blog-author uses. I've plugged along but I'm not sure if I have denyhosts configured right.

I'm running:
debian: etch
kernel: 2.6.18-4-686
denyhosts: 2.6

Here are the main settings I've used to get denyhosts working (?):

/etc/denyhosts.conf
SECURE_LOG = /var/log/auth.log
HOSTS_DENY = /etc/hosts.blocked
BLOCK_SERVICE=sshd
DENY_THRESHOLD_INVALID=3
DENY_THRESHOLD_VALID=3
DENY_THRESHOLD_ROOT=3
DENY_THRESHOLD_RESTRICTED=3
AGE_RESET_INVALID=5m
AGE_RESET_VALID=5m
AGE_RESET_ROOT=5m
AGE_RESET_RESTRICTED=5m

/etc/hosts.deny
sshd:/etc/hosts.blocked
sshd:ALL:spawn /usr/sbin/denyhosts --purge -c /etc/denyhosts.conf:allow

The thing is, if I attempt to login via SSH using a bad username/password 3 times, there's a delay of approx 5-10 seconds before my IP address shows up in /etc/hosts.blocked. I thought that by using tcp wrappers, denyhosts would put the IP into /etc/hosts.blocked much quicker than that.

Also, if I change /etc/hosts.deny with the intention of blocking access to ALL services to IPs listed in /etc/hosts.blocked, denyhosts stops working as above. Here's what I changed /etc/hosts.deny to:

/etc/hosts.deny
ALL:/etc/hosts.blocked
sshd:ALL:spawn /usr/sbin/denyhosts --purge -c /etc/denyhosts.conf:allow

If anyone can advise or post the relevant sections of their working config I'd appreciate it.

Thanks,
Craig.
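
An added example, not part of the original post and not DenyHosts or tcp wrappers code: a simplified Python model of how the two /etc/hosts.deny rule sets quoted above are evaluated (first matching rule wins, as described in hosts_access(5) and hosts_options(5)). The contents of /etc/hosts.blocked, the addresses, the vsftpd daemon name and the function names are constructed for illustration.

```python
# Simplified model of tcp wrappers matching for /etc/hosts.deny.
# Handles only: exact daemon names, the ALL wildcard, literal addresses,
# "/file" client patterns, and the spawn/allow/deny options.
# Assumes /etc/hosts.allow has no matching rule and no ":" inside commands.

HOSTS_DENY_SSHD = """\
sshd:/etc/hosts.blocked
sshd:ALL:spawn /usr/sbin/denyhosts --purge -c /etc/denyhosts.conf:allow
"""
HOSTS_DENY_ALL = """\
ALL:/etc/hosts.blocked
sshd:ALL:spawn /usr/sbin/denyhosts --purge -c /etc/denyhosts.conf:allow
"""
# Constructed file contents: one bare address per line (an assumption).
FILES = {"/etc/hosts.blocked": "192.0.2.10\n"}

def client_matches(pattern, client, files):
    if pattern == "ALL":
        return True
    if pattern.startswith("/"):
        # A pattern beginning with "/" names a file of address patterns.
        return client in files.get(pattern, "").split()
    return pattern == client

def evaluate(rules, daemon, client, files):
    """Return (verdict, spawned commands) from the first matching rule."""
    for line in rules.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        daemons, clients, *options = [f.strip() for f in line.split(":")]
        if not any(d in ("ALL", daemon) for d in daemons.replace(",", " ").split()):
            continue
        if not any(client_matches(p, client, files) for p in clients.replace(",", " ").split()):
            continue
        spawned = [o[len("spawn"):].strip() for o in options if o.startswith("spawn")]
        # In hosts.deny a matching rule denies unless it ends with "allow".
        verdict = "allow" if options and options[-1] == "allow" else "deny"
        return verdict, spawned
    return "allow", []  # no rule matched: access is granted

if __name__ == "__main__":
    for name, rules in (("sshd-only", HOSTS_DENY_SSHD), ("ALL", HOSTS_DENY_ALL)):
        for daemon, client in (("sshd", "192.0.2.10"), ("sshd", "198.51.100.7"), ("vsftpd", "192.0.2.10")):
            print(name, daemon, client, evaluate(rules, daemon, client, FILES))
```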


