denyhosts ignoring /etc/hosts.allow


Solution 1

You have both of those uncommented, so it's leading me to believe that denyhosts is using /etc/hosts.allow. Comment out the second HOSTS_DENY line and restart denyhosts.

If you still get the emails, you need to add SUSPICIOUS_LOGIN_REPORT_ALLOWED_HOSTS = NO to your denyhosts.conf file. This requires DenyHosts 0.6 or higher. See this for details.

You'll also need to create an allowed-hosts file with your trusted IP addresses, one per line. This goes in the same folder defined by WORK_DIR in the configuration.

Solution 2

You need to comment out the HOSTS_DENY = /etc/hosts.allow line, since you are on Ubuntu and not on a BSD box.

Then, you need to understand how the hosts.(allow|deny) files are processed. Services which use these files always check hosts.allow before hosts.deny and stop at the first match. So, if you grant an IP address access in your hosts.allow file, access will be granted regardless of the contents of hosts.deny. You don't need to care if denyhosts adds further addresses to that file. The hosts.allow file basically allows you to whitelist IP addresses.

See the hosts_access(5) man page for further information.


Author: Simon

Updated on September 18, 2022

Comments

  • Simon
    Simon almost 2 years

    I'm running Ubuntu 13.10 (not LTS, I know...). I have denyhosts installed. I have /etc/hosts.deny and /etc/hosts.allow. I've added 2 IPs to hosts.allow (home + work). However, whenever I sign in from these IPs, I get an email telling me a suspicious sign-in occurred.

    I've tried formatting my hosts.allow file in 2 different ways. Neither appears to work.

    The first:

    ...
    sshd: iii.i.i.iii : allow
    sshd: iii.i.i.iii : allow
    

    The second:

    ...
    sshd: iii.i.i.iii
    sshd: iii.i.i.iii
    

    I don't know if this is related, but I've noticed something I can't explain.

    If I run

    $ sudo service denyhosts restart
     * Stopping DenyHosts denyhosts    [ OK ]
    /etc/init.d/denyhosts: 44: test: /etc/hosts.deny: unexpected operator
     * Starting DenyHosts denyhosts  
    

    But if I search for an error in either hosts.deny or hosts.allow, can't find any:

    sudo test -e /etc/hosts.allow
    sudo test -e /etc/hosts.deny
    

    And before I forget, my /etc/denyhosts.conf file :

    ...
    # Most operating systems:
    HOSTS_DENY = /etc/hosts.deny
    #
    # Some BSD (FreeBSD) Unixes:
    HOSTS_DENY = /etc/hosts.allow
    ...
    

    As the comment says, /etc/hosts.allow is apparently used on some BSD Unixes. Is this the problem? In some guides I've read for Ubuntu, apparently this is not.

    EDIT:

    The /etc/init.d/denyhosts file runs:

    HOSTS_DENY=$(grep ^HOSTS_DENY $CONFIG  | cut -d = -f 2)
    

    which in my case returns both hosts.allow and hosts.deny.

  • Simon
    Simon over 10 years
    I tried your suggestion, with both formats for hosts.allow, and I still get an email warning about a suspicious sign-in.
  • Nathan C
    Nathan C over 10 years
    You may get the email but you won't be blocked. I'll add some details on how to prevent the emails too.
  • Simon
    Simon over 10 years
    Looking into this now. Cheers.
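
An added example (not part of the original thread, and not the DenyHosts init script itself) showing why two uncommented HOSTS_DENY lines break the `grep | cut` extraction quoted in the question, with a check to run before restarting the service. The config is a constructed sample, `hosts_deny_words` and `check_hosts_deny` are hypothetical helper names, and the link to the `test` error assumes the init script uses the extracted value unquoted.

```shell
#!/bin/sh
# Constructed sample config: $2 is the second (BSD) HOSTS_DENY line as written.
write_conf() {
    printf '%s\n' '# Most operating systems:' 'HOSTS_DENY = /etc/hosts.deny' \
        '#' '# Some BSD (FreeBSD) Unixes:' "$2" > "$1"
}

# The extraction from the init script line quoted in the question.
extract_hosts_deny() {
    grep '^HOSTS_DENY' "$1" | cut -d = -f 2
}

# Hypothetical helper: how many words the extracted value splits into when it
# is used unquoted. Anything other than 1 means `test -e $HOSTS_DENY` would
# receive extra arguments.
hosts_deny_words() {
    set -- $(extract_hosts_deny "$1")   # unquoted on purpose
    echo "$#"
}

# Hypothetical check: succeed only when HOSTS_DENY is assigned exactly once.
check_hosts_deny() {
    [ -r "$1" ] || return 2
    n=$(grep -c '^[[:space:]]*HOSTS_DENY[[:space:]]*=' "$1" || true)
    if [ "$n" -ne 1 ]; then
        echo "$1: HOSTS_DENY assigned $n times, expected 1" >&2
        return 1
    fi
}

demo() {
    dir=$(mktemp -d)
    write_conf "$dir/both.conf" 'HOSTS_DENY = /etc/hosts.allow'
    write_conf "$dir/fixed.conf" '#HOSTS_DENY = /etc/hosts.allow'
    for f in "$dir/both.conf" "$dir/fixed.conf"; do
        if check_hosts_deny "$f"; then status=ok; else status=duplicate; fi
        echo "$(basename "$f"): $(hosts_deny_words "$f") value(s), $status"
    done
    rm -rf "$dir"
}
demo
```

On a real system the same check would be pointed at the /etc/denyhosts.conf file mentioned in the question before running the restart.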