denyhosts ignoring /etc/hosts.allow
Solution 1
You have both of those uncommented, so it's leading me to believe that denyhosts is using /etc/hosts.allow
. Comment out the second HOSTS_DENY
line and restart denyhosts.
If you still get the emails, you need to add SUSPICIOUS_LOGIN_REPORT_ALLOWED_HOSTS = NO
to your denyhosts.conf file. This requires DenyHosts 0.6 or higher. See this for details.
You'll also need to create an allowed-hosts
file with your trusted IP addresses, one per line. This goes in the same folder defined by WORK_DIR
in the configuration.
Solution 2
You need to comment out the HOSTS_DENY = /etc/hosts.allow
line, since you are on Ubuntu and not on a BSD box.
Then, you need to understand how the hosts.(allow|deny)
files are processed. Services which use these files always check hosts.allow
before hosts.deny
and stop at the first match. So, if you grant an IP address access in your hosts.allow
file, access will be granted regardless of the contents of hosts.deny
. You don't need to care if denyhosts adds further addresses to that file. The hosts.allow
file basically allows you to whitelist IP addresses.
See the hosts_access(5)
man page for further information.
Related videos on Youtube
Comments
-
Simon almost 2 years
I'm running
Ubuntu 13.10
(not LTS, I know...). I havedenyhosts
installed. I have/etc/hosts.deny
and/etc/hosts.allow
. I've added 2 IPs tohosts.allow
(home + work). However, whenever I sign in from these IPs, I get an email telling me a suspicious sign-in occurred.I've tried formatting my
hosts.allow
file in 2 different ways. Neither appear to work.The first:
... sshd: iii.i.i.iii : allow sshd: iii.i.i.iii : allow
The second:
... sshd: iii.i.i.iii sshd: iii.i.i.iii
I don't know if this is related, but if i've noticed something I can't explain.
If I run
$ sudo service denyhosts restart * Stopping DenyHosts denyhosts [ OK ] /etc/init.d/denyhosts: 44: test: /etc/hosts.deny: unexpected operator * Starting DenyHosts denyhosts
But if I search for an error in either hosts.deny or hosts.allow, can't find any:
sudo test -e /etc/hosts.allow sudo test -e /etc/hosts.deny
And before I forget, my
/etc/denyhosts.conf
file :... # Most operating systems: HOSTS_DENY = /etc/hosts.deny # # Some BSD (FreeBSD) Unixes: HOSTS_DENY = /etc/hosts.allow ...
As the comment says, /etc/hosts.allow is apparently used on some BSD Unixes. Is this the problem? In some guides i've read for Ubuntu, apparently this is not.
EDIT:
The
/etc/init.d/denyhosts
file runs:HOSTS_DENY=$(grep ^HOSTS_DENY $CONFIG | cut -d = -f 2)
which in my case returns both
hosts.allow
andhosts.deny
. -
Simon over 10 yearsI tried your suggestion, with both formats for hosts.allow, and I still get an email warning about a suspicious sign-in.
-
Nathan C over 10 yearsYou may get the email but you won't be blocked. I'll add some details on how to prevent the emails too.
-
Simon over 10 yearsLooking into this now. Cheers.