Date:      Thu, 28 Sep 2006 20:48:32 +0000
From:      Robin Becker <>
Subject:   Re: denyhosts problems

Daniel Bye wrote:
> On Thu, Sep 28, 2006 at 05:22:43PM +0100, Robin Becker wrote:
>> I'm trying to get denyhosts-2.5 to work in 6.0 and have inserted a line in 
>> hosts.allow
>> ALL: : allow
>> sshd: /etc/hosts.deniedssh : deny
>> ALL: ALL : allow
>> but am finding that this causes my home ip to be denied even though I log 
>> in with a pre-shared key.
> sshd will still avail itself of libwrap's functionality /before/ the
> client even has a chance to offer its key. Anyone who manages to get
> a copy of your key will need also to satisfy your /etc/hosts.allow
> rules before they can use it.
>> The /etc/hosts.deniedssh file is being created, but my home ip is not 
>> present (it would be hard as I have a dynamically allocated one anyhow).
>> The hosts.deniedssh file contains entries like
>> ALL : ALL : 61.219.xx.250 : deny : deny
> which, clearly, is nonsense!

I am not writing this file, denyhosts is.

> Make sure that denyhosts.cfg has a blank value for BLOCK_SERVICE and
> that it points HOSTS_DENY to the right file.  I guess that at least
> is correct, though.

My BAD: I have the value ALL for BLOCK_SERVICE; I suppose that's the
problem. I read further and it seems I do indeed need to set an empty
value. Thanks.

> DenyHosts will then correctly record only the IP address of blocked
> hosts, which will result in much saner rule expansions!
>> I have the same setup in 6.1 and it seems to work. But I still see messages 
>> related to line 24 from that setup. Does denyhosts work properly?
> I suspect it is not quite the same - check the BLOCK_SERVICE setting on
> that machine.

You're probably right.

> Check out the DenyHosts FAQ - it's very useful.
> And the FreeBSD hosts_options(5) man page as well, which, as I said
> earlier, contains the full story on setting up your /etc/hosts.allow.

Thanks again.
Robin Becker
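
A check for the problem resolved in this thread, as an added example that is not part of the original message or of DenyHosts. It assumes, as Daniel describes, that the file referenced from hosts.allow should hold only bare IP addresses, and it flags rule-style lines such as the one quoted above; the function names and the sample addresses are constructed for illustration.

```python
import ipaddress


def _is_ip(token):
    """True if token is a literal IPv4 or IPv6 address."""
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False


def audit_deny_file(text):
    """Split the file's lines into bare addresses and malformed entries.

    Returns (addresses, problems). Each problem is a tuple of
    (line_number, line, recovered_address_or_None).
    """
    addresses, problems = [], []
    for number, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue
        tokens = line.split()
        if all(_is_ip(t) for t in tokens):
            addresses.extend(tokens)
            continue
        # Rule-style line: split on ':' and look for exactly one address
        # field. This recovery only works for IPv4, since IPv6 literals
        # contain ':' themselves.
        fields = [f.strip() for f in line.split(":")]
        found = [f for f in fields if _is_ip(f)]
        problems.append((number, line, found[0] if len(found) == 1 else None))
    return addresses, problems


# Constructed sample using documentation address ranges, not real data.
SAMPLE = """\
192.0.2.10
ALL : ALL : 203.0.113.7 : deny : deny
198.51.100.23
sshd: 203.0.113.99
"""

if __name__ == "__main__":
    good, bad = audit_deny_file(SAMPLE)
    print("bare addresses:", good)
    for number, line, recovered in bad:
        print(f"line {number}: {line!r} -> recoverable address: {recovered}")
```

Any line reported as a problem means the file was written with a service prefix or rule options attached, which is the symptom that the BLOCK_SERVICE setting discussed above produces.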
