Install denyhosts in Ubuntu to prevent brute-force SSH cracking.

Source: Internet
Author: User
Scanning the Internet is common. To prevent brute-force cracking of ssh accounts and passwords, install denyhosts in Ubuntu to enhance system security. 1. Install sudoapt-getinstalldenyhosts2. Configure/etc/denyhosts. conf. For details, see the sshd logon log file. Different systems are different. SECURE_LOG =/var/log/auth. log File HO

Scanning the Internet is common. To prevent brute-force cracking of ssh accounts and passwords, install denyhosts in Ubuntu to enhance system security.

1. Install
Sudo apt-get install denyhosts

2. Configure/etc/denyhosts. conf. Content reference:

Sshd logon log file. Different systems are different.
SECURE_LOG =/var/log/auth. log

Files restricted by host access
HOSTS_DENY =/etc/hosts. deny


Remove Old entries that have exceeded the following time in HOSTS_DENY
PURGE_DENY = 1 w

Blocked service. The default value is sshd, which can be set to other or all.
BLOCK_SERVICE = sshd

When the attempt to log on to the host using an invalid user fails more than the following times
DENY_THRESHOLD_INVALID = 3

For Valid users
DENY_THRESHOLD_VALID = 4

For root users
DENY_THRESHOLD_ROOT = 1

For Restricted Users
DENY_THRESHOLD_RESTRICTED = 1

DenyHosts is used to write data. You can see the records hosts, hosts-root, offset, users-hosts, users-valid, hosts-restricted, hosts-valid, suspicious-logins, and users-invalid.
WORK_DIR =/var/lib/denyhosts

When YES, if the permitted host is considered suspicious during login, the host is recorded. When the value is NO, if the permitted host is considered suspicious during login, the host is not recorded. All suspicious logins to hosts outside the permitted host range will be recorded.
SUSPICIOUS_LOGIN_REPORT_ALLOWED_HOSTS = YES

Reverse Domain Name explanation
HOSTNAME_LOOKUP = NO

This file exists, indicating that Denyhosts is running. It is used to ensure that only one instance is running at a time.
LOCK_FILE =/var/run/denyhosts. pid

Administrator EMail
ADMIN_EMAIL = root @ localhost

SMTP host settings. If you have SMTP service support, you can send an email to the Administrator.
SMTP_HOST = localhost
SMTP_PORT = 25
SMTP_FROM = DenyHosts
SMTP_SUBJECT = DenyHosts Report

If no logon attempt fails within the specified time, the failure count of the host is reset to 0. This value applies to logon attempts by all valid users (in/etc/passwd) except root. If not defined, this count will never be reset.
AGE_RESET_VALID = 5d

For root users
AGE_RESET_ROOT = 25d

For Restricted Users
AGE_RESET_RESTRICTED = 25d

For invalid users (not in/etc/passwd)
AGE_RESET_INVALID = 1 w

When the logon is successful, set the logon Failure count to 0. The default value is NO.
# RESET_ON_SUCCESS = yes

Denyhosts logs are left empty when running in the later mode.
# DAEMON_LOG =/var/log/denyhosts

The interval between each log file read when the log file is run in the later mode.
DAEMON_SLEEP = 30 s

When running in later mode, the clearing Mechanism terminates the old entry interval in HOSTS_DENY.
DAEMON_PURGE = 1 h

3. Restart Denyhosts
Sudo/etc/init. d/denyhosts restart

 

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.