DenyHosts是用python2.3編寫的一個程序,會分析/var/log/secure等文件,當發現同一個ip進行多次ssh登錄失敗時會將其寫入/etc/hosts.dengy文件,達到屏蔽該ip的目的。
下載DenyHosts包
[root@localhost ~]# wget http://jaist.dl.sourceforge.net/project/denyhosts/denyhosts/2.6/DenyHosts-2.6.tar.gz
安裝DenyHosts
[root@localhost ~]# tar xf DenyHosts-2.6.tar.gz
[root@localhost ~]# cd DenyHosts-2.6
[root@localhost DenyHosts-2.6]# python setup.py install
製作配置文件
[root@localhost DenyHosts-2.6]# cp denyhosts.cfg-dist /etc/denyhosts.cfg
[root@localhost DenyHosts-2.6]# cp daemon-control-dist daemon-control
[root@localhost DenyHosts-2.6]# chown root daemon-control
[root@localhost DenyHosts-2.6]# chmod 700 daemon-control
修改配置文件
將daemon-control中的#DENYHOSTS_CFG = "/usr/share/denyhosts/denyhosts.cfg"改爲 DENYHOSTS_CFG = “/etc/denyhosts.cfg”
啓動
[root@localhost DenyHosts-2.6]# ./daemon-control start(注意相對路徑)
測試另外一臺服務器遠程連接172.16.1.16
默認允許五次,測試發現登陸失敗五次之後不允許登陸
[root@localhost ~]# ssh [email protected]
[email protected]'s password:
Permission denied, please try again.
[email protected]'s password:
Permission denied, please try again.
[email protected]'s password:
Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).
[root@localhost ~]#
......
[root@localhost ~]# ssh [email protected]
ssh_exchange_identification: read: Connection reset by peer
查看hosts.deny文件
登陸連續失敗之後就會把ip地址寫在hosts.deny文件。