Ubuntu: Securing your remote SSH logins with Denyhosts

Being able to log in to your server remotely via SSH is an incredibly powerful way of remotely managing your system. With so many devices now able to support consoles (just about any current smartphone or current OS, really) you can check on things, update or make changes from just about anywhere.

 

One of the less positive consequences of opening up your SSH port to the wider world is that you’re also exposing your server to everyone else in the world, not just yourself. There are many computers and virus-born botnets out there who scan IP addresses for open ports and try to brute-force their way in to steal data, generally cause destruction or create another bot. One good way of protecting yourself is installing a program which monitors the attempted logins via SSH and blocks any IP addresses which match an undesired pattern: Denyhosts.

 

You can install denyhosts by entering the following:

 

sudo apt-get install denyhosts

 

This installs denyhosts on your system, which starts automatically once installed and also on boot. You can edit the settings with the following file:

 

/etc/denyhosts.conf

 

Blocked IPs are listed in:

 

/etc/hosts.deny

 

It’s not unusual to have hundreds of entries after a couple of months. The default settings are reasonably good; you do have the freedom to make them as lenient or paranoid as you care to which is handy for tailoring it to your specific needs (e.g. strict rules re: logging in as accounts that don’t exist or the root account). Be aware that if you mistype your own password enough times you may ban your ou cown IP address, which might be inconvenient if you don’t have physical access to the server or another IP to fix!

 

Denyhosts is a quick, easy and powerful way to begin securing your SSH-accessible servers – as far as we’re concerned it or an equivalent program are a must if you’re opening up a SSH port to the outside world.