Bug#338694: RFP: Denyhosts -- Denyhosts is a simple script that intends to prevent SSH brute force login attempts. It does this by determining which hosts have unsuccessfully attempted to gain access to the ssh server. Additionally, it notes the user and whether or not that user is root, otherwise valid (eg. has a system account) or invalid (eg. does not have a system account).
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: Bug#338694: RFP: Denyhosts -- Denyhosts is a simple script that intends to prevent SSH brute force login attempts. It does this by determining which hosts have unsuccessfully attempted to gain access to the ssh server. Additionally, it notes the user and whether or not that user is root, otherwise valid (eg. has a system account) or invalid (eg. does not have a system account).
- From: Ted O'Hayer <tohayer@gmail.com>
- Date: Sat, 12 Nov 2005 00:06:55 -0500
- Message-id: <E1EanbM-0000XR-00@firebird>
- Reply-to: Ted O'Hayer <tohayer@gmail.com>, 338694@bugs.debian.org
Package: wnpp
Severity: wishlist
* Package name : DenyHosts
Version : 1.1.2
Upstream Author : Phil Schwartz
* URL : http://denyhosts.sourceforge.net
* License : GPL
Description : DenyHosts is a simple script that intends to prevent SSH/Telnet brute force login attempts.
When run for the first time, DenyHosts will create a work directory. The work directory will ultimately store the
data collected and the files are in a human readable format, for easy editing, if necessary.
DenyHosts then processes the sshd server log (typically, this is /var/log/secure, /var/log/auth.log, etc) and
determines which hosts have unsuccessfully attempted to gain access to the ssh server. Additionally, it notes the
user and whether or not that user is root, otherwise valid (eg. has a system account) or invalid (eg. does not have a
system account).
When DenyHosts determines that a given host has attempted to log in using a non-existent user account a configurable
number of attempts (this is known as the DENY_THRESHOLD_INVALID), DenyHosts will add that host to the /etc/hosts.deny
file. This will prevent that host from contacting your sshd server again.
-- System Information:
Debian Release: 3.1
Architecture: i386 (i586)
Kernel: Linux 2.4.18-bf2.4
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
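
The log-processing step described in the report above, as an added Python example (not part of the original message and not DenyHosts' own code): it counts failed logins per host, classifies each user as root, valid or invalid, and lists the hosts that reach DENY_THRESHOLD_INVALID. The OpenSSH log line format, the sample lines, the threshold value of 3 and the `sshd: <host>` form of the hosts.deny entry are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines in OpenSSH auth.log style (not real traffic;
# addresses come from the RFC 5737 documentation ranges).
SAMPLE_LOG = """\
Nov 12 00:01:02 host sshd[101]: Failed password for invalid user admin from 203.0.113.7 port 4101 ssh2
Nov 12 00:01:05 host sshd[102]: Failed password for invalid user test from 203.0.113.7 port 4102 ssh2
Nov 12 00:01:09 host sshd[103]: Failed password for invalid user oracle from 203.0.113.7 port 4103 ssh2
Nov 12 00:02:00 host sshd[104]: Failed password for root from 198.51.100.9 port 5100 ssh2
Nov 12 00:02:30 host sshd[105]: Failed password for alice from 192.0.2.44 port 6100 ssh2
Nov 12 00:03:00 host sshd[106]: Accepted password for alice from 192.0.2.44 port 6101 ssh2
Nov 12 00:03:10 host sshd[107]: Failed password for invalid user guest from 198.51.100.9 port 5101 ssh2
"""

# Anchored to the end of the line with a greedy user field, so the address
# taken is always the one sshd appended, never text inside the username.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (invalid user )?(.+) "
    r"from (\d{1,3}(?:\.\d{1,3}){3}) port \d+(?: ssh2)?\s*$"
)

def classify(user, flagged_invalid, system_users):
    """Return 'root', 'valid' (has a system account) or 'invalid'."""
    if user == "root":
        return "root"
    if flagged_invalid or user not in system_users:
        return "invalid"
    return "valid"

def count_failures(log_text, system_users):
    """Map each source host to its failed-login counts per user class."""
    counts = defaultdict(lambda: {"root": 0, "valid": 0, "invalid": 0})
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            flagged, user, host = m.groups()
            counts[host][classify(user, bool(flagged), system_users)] += 1
    return dict(counts)

def hosts_to_deny(counts, deny_threshold_invalid):
    """Hosts whose invalid-user failures reached the threshold."""
    return sorted(h for h, c in counts.items()
                  if c["invalid"] >= deny_threshold_invalid)

def hosts_deny_lines(hosts, service="sshd"):
    # Assumed entry form: TCP wrappers "daemon: client" syntax.
    return [f"{service}: {h}" for h in hosts]
```
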