How To Install DenyHosts on Ubuntu 16.04 LTS

In this tutorial we will show you how to install and configuration DenyHosts on Ubuntu 16.04 LTS server. For those of you who didn’t know, DenyHosts is a log-based intrusion prevention security tool for SSH servers written in Python. It is intended to prevent brute-force attacks on SSH servers by monitoring invalid login attempts in the authentication log and blocking the originating IP addresses. Due to the simplicity of DenyHost and the ability to manually configure your rules it is widely used as an alternative to Fail2ban which is a bit more complicated to use and configure. DenyHosts unfortunately does not support IPv6.

This article assumes you have at least basic knowledge of linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo’ to the commands to get root privileges. I will show you through the step by step installation DenyHosts on a Ubuntu 16.04 (Xenial Xerus) server.

Install DenyHosts on Ubuntu 16.04 LTS

Step 1. First make sure that all your system packages are up-to-date by running these following apt-get commands in the terminal.

sudo apt-get update
sudo apt-get upgrade

1 2	sudoapt-getupdate sudoapt-getupgrade

Step 2. Installing DenyHosts on Ubuntu 16.04.

Install denyhosts package using apt-get command:

sudo apt-get install denyhosts

1	sudoapt-getinstalldenyhosts

Step 3. Configure DenyHosts.

Once the Denyhosts installed, make sure to whitelist your own IP address, so you will never get locked out. To do this, open a file /etc/hosts.allow:

sudo nano /etc/hosts.allow

1	sudonano/etc/hosts.allow

Below the description, add the each IP address one-by-one on a separate line, that you never want to block. The format should be as follows:

# hosts.allow   This file contains access rules which are used to
#               allow or deny connections to network services that
#               either use the tcp_wrappers library or that have been
#               started through a tcp_wrappers-enabled xinetd.
#
#               See 'man 5 hosts_options' and 'man 5 hosts_access'
#               for information on rule syntax.
#               See 'man tcpd' for information on tcp_wrappers
#
sshd: 114.124.37.154
sshd: 114.121.131.131
sshd: 172.16.25.156

# hosts.allow This file contains access rules which are used to

# allow or deny connections to network services that

# either use the tcp_wrappers library or that have been

# started through a tcp_wrappers-enabled xinetd.

# See 'man 5 hosts_options' and 'man 5 hosts_access'

# for information on rule syntax.

# See 'man tcpd' for information on tcp_wrappers

sshd:114.124.37.154

sshd:114.121.131.131

sshd:172.16.25.156

You can further configure any settings in the DenyHosts.conf file by going to the following and updating according to your preference:

sudo nano /etc/denyhosts.conf

1	sudonano/etc/denyhosts.conf

Save your work and restart DenyHosts by running the commands below:

systemctl restart denyhosts.service
systemctl enable denyhosts.service

1 2	systemctlrestartdenyhosts.service systemctlenabledenyhosts.service

View DenyHosts logs:

tail -f /var/log/denyhosts
tail -f /var/log/secure

1 2	tail-f/var/log/denyhosts tail-f/var/log/secure

Congratulation’s! You have successfully installed DenyHosts. Thanks for using this tutorial for installing DenyHosts on Ubuntu 16.04 LTS (Xenial Xerus) system. For additional help or useful information, we recommend you to check the official DenyHosts web site.

VPS Manage Service Offer

If you don’t have time to do all of this stuff, or if this is not your area of expertise, we offer a service to do “VPS Manage Service Offer”, starting from $10 (Paypal payment). Please contact us to get a best deal!

Save

SHARE ON Twitter Facebook Google+ Pinterest