Cloud VPS [Ubuntu]: Managing Denyhosts

Installed on all Ubuntu VPS servers is DenyHosts, a log-based intrusion prevention security tool for SSH servers written in Python. It is intended to prevent brute force attacks on SSH servers by monitoring invalid login attempts in the authentication log and blocking the originating IP addresses.

If you have difficulties connecting to your VPS server via SSH from a specific IP, it may be blocked by Denyhosts. To check the list of blocked IP addresses, review the following file:

/etc/hosts.deny

If you see an IP in the list that you would like to allow SSH access from, use the steps below to remove the IP address from the list of blocked addresses:

  1. Connect to your server via SSH (if you are unable to SSH, please contact support)
  2. Stop DenyHosts - sudo /etc/init.d/denyhosts stop
  3. Remove the IP address from /etc/hosts.deny
  4. Edit /var/lib/denyhosts/hosts and remove the lines containing the IP address. Save the file.
  5. Edit /var/lib/denyhosts/hosts-restricted and remove the lines containing the IP address. Save the file.
  6. Edit /var/lib/denyhosts/hosts-root and remove the lines containing the IP address. Save the file.
  7. Edit /var/lib/denyhosts/hosts-valid and remove the lines containing the IP address. Save the file.
  8. Edit /var/lib/denyhosts/user-hosts and remove the lines containing the IP address. Save the file.
  9. Start DenyHosts- sudo /etc/init.d/denyhosts start

To whitelist an IP address so it is not blocked by Denyhosts, please add the IP to the following file:

/etc/hosts.allow

For example:

sshd: 127.0.0.1

For more information, please visit http://denyhosts.sourceforge.net/

Add Feedback