Date:      Thu, 21 Dec 2006 13:45:15 +0000
From:      Daniel Bye <>
To:        David Banning <>
Subject:   Re: question on hosts.allow
Message-ID:  <>
In-Reply-To: <>
References:  <>


David Banning wrote:
> I have been running denyhosts to stop attacks on my ssh port.
> The attacks continue after protection is put in place.
> Here is what I have in the tail of my /etc/hosts.allow
> as per the installation instructions;
> -------------------------
> ...<snip>
> sshd : /etc/hosts.deniedssh : deny
> sshd : ALL : allow
> -------------------------
> and in /etc/hosts.deniedssh I have;
> -------------------------
> sshd: : deny
> sshd: : deny
> -------------------------

This isn't quite right.  This file should contain IP addresses, one per
line, without any of the extraneous stuff - the `sshd' and `deny' bits
are taken care of by the

sshd : /etc/hosts.deniedssh : deny

line in /etc/hosts.allow.  (Effectively, with your current setup, your
hosts.allow rules expand to something like this:

sshd : sshd : : deny : deny

which doesn't make much sense!)

At a guess, your BLOCK_SERVICE is set to something other than an empty
value.  It needs to be "BLOCK_SERVICE =" (without the quotes, of
course...) to ensure that only offending IP addresses get written out to
the auxiliary file.

> but I am still receiving attacks from the last IP address. So I am wondering
> what program actually -reads- hosts.allow

It should be read by anything that's built with tcpwrappers support.  In
this case, it would be sshd.

> Maybe it has to be reset, or restarted?

No, I don't think so.  I would imagine the problem is the screwy syntax
of your config.  Try setting BLOCK_SERVICE in
/usr/local/etc/denyhosts.conf, restart DenyHosts and see what happens...
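
Added example, not part of the original message and not DenyHosts code: a Python check for the two things the reply points at, a non-empty BLOCK_SERVICE and lines in the auxiliary file that are not bare IP addresses. The function names and sample contents are constructed for illustration, and it assumes denyhosts.conf uses "KEY = value" lines; address recovery from wrapped lines is IPv4 only.

```python
import ipaddress
import re

# Constructed samples (documentation addresses), not taken from the thread.
SAMPLE_CONF = "# denyhosts.conf excerpt\nBLOCK_SERVICE = sshd\n"
SAMPLE_DENIED = "sshd: 192.0.2.10 : deny\n198.51.100.7\nsshd: 203.0.113.300 : deny\n"

def block_service(conf_text):
    """Return BLOCK_SERVICE's value ('' when empty, None when not set)."""
    value = None
    for line in conf_text.splitlines():
        # Assumes 'KEY = value' lines; '#' comment lines do not match.
        m = re.match(r"\s*BLOCK_SERVICE\s*=\s*(.*?)\s*$", line)
        if m:
            value = m.group(1)
    return value

def lint_denied_file(text):
    """List (line_no, line, recovered_ipv4_or_None) for lines that are not a bare IP."""
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        entry = line.strip()
        if not entry:
            continue
        try:
            ipaddress.ip_address(entry)
            continue  # a bare address: what the file should hold
        except ValueError:
            pass
        # Wrapper syntax such as "sshd: addr : deny": try to recover the IPv4 address.
        recovered = None
        for token in re.findall(r"\d{1,3}(?:\.\d{1,3}){3}", entry):
            try:
                recovered = str(ipaddress.IPv4Address(token))
                break
            except ValueError:
                continue
        findings.append((number, entry, recovered))
    return findings

if __name__ == "__main__":
    if block_service(SAMPLE_CONF):
        print("BLOCK_SERVICE is not empty; expected empty when using an auxiliary file")
    for number, entry, recovered in lint_denied_file(SAMPLE_DENIED):
        print(f"line {number}: {entry!r} -> {recovered or 'no valid address found'}")
```

To check a live system, pass the contents of /usr/local/etc/denyhosts.conf and /etc/hosts.deniedssh to the two functions instead of the samples.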



