| Revision as of 16:56, 19 December 2009 editPcap (talk | contribs)Pending changes reviewers, Rollbackers18,285 edits →Operation: dup← Previous edit | Revision as of 22:15, 19 December 2009 edit undoMiami33139 (talk | contribs)6,175 edits Nominated for deletion; see Misplaced Pages:Articles for deletion/DenyHosts. (TW)Next edit → | ||
| Line 1: | Line 1: | ||
| <!-- Please do not remove or change this AfD message until the issue is settled --> | |||
| {{AfDM|page=DenyHosts|logdate=2009 December 19|substed=yes|help=off}} | |||
| <!-- For administrator use only: {{oldafdfull|page=DenyHosts|date=19 December 2009|result='''keep'''}} --> | |||
| <!-- End of AfD message, feel free to edit beyond this point --> | |||
| {{Infobox Software | {{Infobox Software | ||
| |name = DenyHosts | |name = DenyHosts | ||
Revision as of 22:15, 19 December 2009
| An editor has nominated this article for deletion. You are welcome to participate in the deletion discussion, which will decide whether or not to retain it.Feel free to improve the article, but do not remove this notice before the discussion is closed. For more information, see the guide to deletion. Find sources: "DenyHosts" – news · newspapers · books · scholar · JSTOR%5B%5BWikipedia%3AArticles+for+deletion%2FDenyHosts%5D%5DAFD |
| Developer(s) | Phil Schwartz |
|---|---|
| Stable release | 2.6 / December 7, 2007; 17 years ago (2007-12-07) |
| Repository | |
| Written in | Python |
| Operating system | Linux,FreeBSD |
| Type | Security tool |
| License | GPL |
| Website | denyhosts.sf.net |
DenyHosts is a Python based security tool for SSH servers. It is intended to prevent brute force attacks on SSH servers by monitoring invalid login attempts in the authentication log and blocking the originating IP addresses. Denyhosts is developed by Phil Schwartz, who is also the developer of Kodos Python regular expression debugger.
Operation
DenyHosts checks the end of the authentication log for recent failed login attempts. It records information about their originating IP addresses and compares the number of invalid attempts to a user-specified threshold. If there have been too many invalid attempts it assumes a dictionary attack is occurring and prevents the IP address from making any further attempts by adding it to /etc/hosts.deny on the server. DenyHosts 2.0 and above support centralized synchronization, so that repeat offenders are blocked from many computers.
DenyHosts may be run manually, as a daemon, or as a cron job.
See also
- Fail2ban is a similar program that prevents brute force attacks against SSH and other services.
- TCP Wrappers
- OpenSSH
References
- Carla Schroder, Linux Networking Cookbook, O'Reilly, 2007, pp. 223–226, ISBN 0596102488