Home > Cloud Computing > Cloud Applications

Install denyhosts in Ubuntu to prevent brute-force SSH cracking.

Source: Internet
Author: User
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >
Scanning the Internet is common. To prevent brute-force cracking of ssh accounts and passwords, install denyhosts in Ubuntu to enhance system security. 1. Install sudoapt-getinstalldenyhosts2. Configure/etc/denyhosts. conf. For details, see the sshd logon log file. Different systems are different. SECURE_LOG =/var/log/auth. log File HO

Scanning the Internet is common. To prevent brute-force cracking of ssh accounts and passwords, install denyhosts in Ubuntu to enhance system security.

1. Install
Sudo apt-get install denyhosts

2. Configure/etc/denyhosts. conf. Content reference:

Sshd logon log file. Different systems are different.
SECURE_LOG =/var/log/auth. log

Files restricted by host access
HOSTS_DENY =/etc/hosts. deny


Remove Old entries that have exceeded the following time in HOSTS_DENY
PURGE_DENY = 1 w

Blocked service. The default value is sshd, which can be set to other or all.
BLOCK_SERVICE = sshd

When the attempt to log on to the host using an invalid user fails more than the following times
DENY_THRESHOLD_INVALID = 3

For Valid users
DENY_THRESHOLD_VALID = 4

For root users
DENY_THRESHOLD_ROOT = 1

For Restricted Users
DENY_THRESHOLD_RESTRICTED = 1

DenyHosts is used to write data. You can see the records hosts, hosts-root, offset, users-hosts, users-valid, hosts-restricted, hosts-valid, suspicious-logins, and users-invalid.
WORK_DIR =/var/lib/denyhosts

When YES, if the permitted host is considered suspicious during login, the host is recorded. When the value is NO, if the permitted host is considered suspicious during login, the host is not recorded. All suspicious logins to hosts outside the permitted host range will be recorded.
SUSPICIOUS_LOGIN_REPORT_ALLOWED_HOSTS = YES

Reverse Domain Name explanation
HOSTNAME_LOOKUP = NO

This file exists, indicating that Denyhosts is running. It is used to ensure that only one instance is running at a time.
LOCK_FILE =/var/run/denyhosts. pid

Administrator EMail
ADMIN_EMAIL = root @ localhost

SMTP host settings. If you have SMTP service support, you can send an email to the Administrator.
SMTP_HOST = localhost
SMTP_PORT = 25
SMTP_FROM = DenyHosts
SMTP_SUBJECT = DenyHosts Report

If no logon attempt fails within the specified time, the failure count of the host is reset to 0. This value applies to logon attempts by all valid users (in/etc/passwd) except root. If not defined, this count will never be reset.
AGE_RESET_VALID = 5d

For root users
AGE_RESET_ROOT = 25d

For Restricted Users
AGE_RESET_RESTRICTED = 25d

For invalid users (not in/etc/passwd)
AGE_RESET_INVALID = 1 w

When the logon is successful, set the logon Failure count to 0. The default value is NO.
# RESET_ON_SUCCESS = yes

Denyhosts logs are left empty when running in the later mode.
# DAEMON_LOG =/var/log/denyhosts

The interval between each log file read when the log file is run in the later mode.
DAEMON_SLEEP = 30 s

When running in later mode, the clearing Mechanism terminates the old entry interval in HOSTS_DENY.
DAEMON_PURGE = 1 h

3. Restart Denyhosts
Sudo/etc/init. d/denyhosts restart

 

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Related Keywords:
brute force cracking brute force cracking software how to install ssh client on ubuntu install ssh ubuntu how to use ssh command in ubuntu how to check ssh service in ubuntu how to restart ssh service in ubuntu
Related Article
Ingenious, Webapi httpbasicauthorize the practice of building...
Enable cross-Cloud applications-DNS-based load balancing
10 cloud applications recommended for web designers and devel...
Enable dazzling 3D desktop effects (group chart) in Fedora8)

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

What's Trending
Top 10 Tags
datastax versions naming convention zookeeper client class definition md5 microsoft sql server 2005 data structures exception handling error handling
Top 10 Keywords
microsoft download center down wordpress address url site address url wordpress address url windows installer 4 0 download 302 not found web address url definition site address url wordpress db2 integer mac os installation step by step pdf abbreviation for return

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More