Centos uses DenyHosts to prevent SSH brute force attacks

Nowadays, the Internet is very insecure. Many people use some scanners to scan the ssh port and try to connect to the ssh port for brute-force cracking (brute-force scanning). Therefore, we recommend that you use the vps host space, set a complex ssh logon password as much as possible, although I have introduced some time ago that Linux VPS prohibits an IP address from accessing the hosts. deny prohibits access from some IP addresses, but lacks functions. For example, if it cannot be automatically blocked, is there any better way to use the denyhosts software, it will analyze log files such as/var/log/secure (redhat, Fedora Core, when you find that the same IP address is used for multiple SSH password attempts, the IP address is recorded in/etc/hosts. deny file to automatically block the IP address.

DenyHosts Official Website: http://denyhosts.sourceforge.net/

1. Download DenyHosts and decompress it.

# Wgethttp: // www.centoscn.com/tool/DenyHosts-2.6.tar.gz
# Tar zxvf DenyHosts-2.6.tar.gz
# Cd DenyHosts-2.6

2. installation, configuration, and startup

# Python setup. py install
By default, it is installed in the/usr/share/denyhosts/directory and the configuration file is modified in the corresponding directory.

# Cd/usr/share/denyhosts/
# Cp denyhosts. cfg-dist denyhosts. cfg
# Cp daemon-control-dist daemon-control

The default settings are applicable to the centos system environment. You can run the vi command to view denyhosts. cfg and daemon-control, which have detailed explanations.
Run the following command to start the denyhosts program:
# Chown root daemon-control
# Chmod 700 daemon-control
#./Daemon-control start

If You Want To Enable Automatic startup of DenyHosts after each restart, you also need to make the following settings:
# Cd/etc/init. d
# Ln-s/usr/share/denyhosts/daemon-control denyhosts
# Chkconfig -- add denyhosts
# Chkconfig -- level 2345 denyhosts on
Or execute the following command to modify the/etc/rc. local file:
# Echo "/usr/share/denyhosts/daemon-control start">/etc/rc. local

Description of DenyHosts configuration file denyhosts. cfg:

SECURE_LOG =/var/log/secure

# Sshd log file, which is determined based on this file. The file names vary slightly in different operating systems.

HOSTS_DENY =/etc/hosts. deny

# Control user login files

PURGE_DENY = 5 m

# How long will it take to clear prohibited

BLOCK_SERVICE = sshd

# Forbidden service name

DENY_THRESHOLD_INVALID = 1

# Number of failed invalid Users Allowed

DENY_THRESHOLD_VALID = 10

# Number of failed login attempts allowed for common users

DENY_THRESHOLD_ROOT = 5

# Number of root Login failures allowed

HOSTNAME_LOOKUP = NO

# Whether domain name resolution is performed

DAEMON_LOG =/var/log/denyhosts

For more information, see the built-in README text file. After the VPS is maintained, it will save some effort. However, VPSer has noticed that the security is relative and there is no absolute security, check your VPS host regularly or irregularly, and back up your data regularly.