Any qualified Linux operator is familiar with SSH login. We all know that a computer exposed to the Internet is at risk, and we should not grow complacent just because our business is small or our users are few. Most attacks on the Internet are not targeted: attackers find potentially vulnerable hosts through wide-ranging IP and port scans and then crack them with automated tools.

So how do we defend against brute-force cracking? Either write our own script and run it as a scheduled task, or use open source software. DenyHosts is just such a tool. DenyHosts is software for Linux systems that prevents brute-force cracking of SSH passwords. It works on a principle similar to DDoS Deflate: it automatically denies IP addresses that make an excessive number of SSH login attempts, which stops machines on the Internet from brute-forcing the SSH password.
How DenyHosts blocks attacks
DenyHosts automatically analyzes security log files such as /var/log/secure. When it detects abnormal connection requests, it automatically adds the source IP to the /etc/hosts.deny file, so that this IP cannot continue its brute-force attempts. DenyHosts can also automatically unblock an IP address after it has been blocked for a certain period of time, which is very convenient.
DenyHosts installation and deployment:
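The log-to-hosts.deny mechanism described above, as an added Python sketch (not DenyHosts' own code). It uses the DENY_THRESHOLD_* values from the configuration on this page and assumes stock OpenSSH "Failed password" wording and that a host is blocked once its failures exceed the threshold; the function names and sample log lines are constructed for illustration.

```python
import re
from collections import Counter

# Thresholds copied from the denyhosts.cfg values shown on this page.
THRESHOLDS = {"invalid": 5, "valid": 101, "root": 2}
BLOCK_SERVICE = "sshd"

# Simplified pattern (assumption: stock sshd wording in /var/log/secure).
# The address is anchored to the end of the line, so text inside the
# user-name field can never be taken for the source address.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?P<invalid>invalid user )?"
    r"(?P<user>.*) from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+(?: ssh2)?\s*$"
)

def classify(match):
    """Map one failed login to the threshold category it counts against."""
    if match.group("invalid"):
        return "invalid"
    return "root" if match.group("user") == "root" else "valid"

def hosts_to_deny(log_lines):
    """Return sorted hosts.deny entries for IPs that exceeded a threshold."""
    counts = Counter()
    for line in log_lines:
        m = FAILED.search(line)
        if m:
            counts[(m.group("ip"), classify(m))] += 1
    denied = {ip for (ip, kind), n in counts.items() if n > THRESHOLDS[kind]}
    return [f"{BLOCK_SERVICE}: {ip}" for ip in sorted(denied)]

# Constructed sample log lines (documentation address ranges, not real hosts).
SAMPLE = (
    [f"Jun 24 10:00:0{i} web1 sshd[4321]: Failed password for root from "
     "203.0.113.7 port 50222 ssh2" for i in range(3)]
    + [f"Jun 24 10:01:0{i} web1 sshd[4400]: Failed password for invalid user "
       "admin from 198.51.100.9 port 40100 ssh2" for i in range(5)]
    + ["Jun 24 10:02:00 web1 sshd[4500]: Accepted password for alice from "
       "192.0.2.10 port 51000 ssh2",
       "Jun 24 10:02:30 web1 sshd[4510]: Failed password for alice from "
       "192.0.2.10 port 51002 ssh2"]
)

if __name__ == "__main__":
    print("\n".join(hosts_to_deny(SAMPLE)))
```

With the sample input only the root attempts cross their threshold (3 failures against a limit of 2); five invalid-user failures do not yet exceed the limit of 5.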
1. Check that the environment meets the requirements
rpm -qa | grep gcc
rpm -qa | grep python    # Python is checked because the program is written in Python
2. Download and install DenyHosts. The source code can be downloaded from the official website: http://denyhosts.sourceforge.net/
tar xf DenyHosts-2.6.tar.gz
cd DenyHosts-2.6
python setup.py install
3. View and modify the configuration file
cd /usr/share/denyhosts/
cp denyhosts.cfg-dist denyhosts.cfg
cp daemon-control-dist daemon-control
vim denyhosts.cfg
sed -e '/^$/d' -e '/^#/d' denyhosts.cfg
SECURE_LOG = /var/log/secure    # security log to analyze
HOSTS_DENY = /etc/hosts.deny    # file that records denied IP addresses
PURGE_DENY = 1h    # unblock automatically after 1 hour; adjust to your own environment
BLOCK_SERVICE = sshd    # name of the service to block
DENY_THRESHOLD_INVALID = 5    # number of failed logins with an invalid user name before blocking
DENY_THRESHOLD_VALID = 101    # number of failed logins with a valid user name before blocking
DENY_THRESHOLD_ROOT = 2    # number of failed root logins before blocking
DENY_THRESHOLD_RESTRICTED = 1
WORK_DIR = /usr/share/denyhosts/data    # data file storage path
SUSPICIOUS_LOGIN_REPORT_ALLOWED_HOSTS=yes
HOSTNAME_LOOKUP=yes    # whether to attempt to resolve the domain name of the source IP
LOCK_FILE = /var/lock/subsys/denyhosts
############ THESE SETTINGS ARE OPTIONAL ############
ADMIN_EMAIL =    # administrator's e-mail address
SMTP_HOST = localhost    # address of the SMTP server
SMTP_PORT =    # SMTP port
SMTP_FROM = DenyHosts <nobody@localhost>
SMTP_SUBJECT = denyhosts
AGE_RESET_VALID=5d
AGE_RESET_ROOT=25d
AGE_RESET_RESTRICTED=25d
AGE_RESET_INVALID=10d
######### THESE SETTINGS ARE SPECIFIC TO DAEMON MODE ##########
DAEMON_LOG = /var/log/denyhosts
DAEMON_SLEEP = 30s
DAEMON_PURGE = 1h
######### THESE SETTINGS ARE SPECIFIC TO ##########
######### DAEMON SYNCHRONIZATION ##########
./daemon-control start    # configuration is complete; the service can now be started
4. Enable start at boot
ln -s /usr/share/denyhosts/daemon-control /etc/init.d/denyhost
chkconfig --add denyhost
chkconfig denyhost on
cat /etc/hosts.deny
/etc/rc.d/init.d/denyhost restart
5. Test
Use a test machine to simulate failed logins, then check the result in /etc/hosts.deny.
This article is from the "Linux, virtualization" blog; please be sure to keep this source: http://devliangel.blog.51cto.com/469347/1229800