I'm running Ubuntu 13.10
(not LTS, I know…). I have denyhosts
installed. I have /etc/hosts.deny
and /etc/hosts.allow
. I've added 2 IPs to hosts.allow
(home + work). However, whenever I sign in from these IPs, I get an email telling me a suspicious sign-in occurred.
I've tried formatting my hosts.allow
file in 2 different ways. Neither appear to work.
The first:
...
sshd: iii.i.i.iii : allow
sshd: iii.i.i.iii : allow
The second:
...
sshd: iii.i.i.iii
sshd: iii.i.i.iii
I don't know if this is related, but if i've noticed something I can't explain.
If I run
$ sudo service denyhosts restart
* Stopping DenyHosts denyhosts [ OK ]
/etc/init.d/denyhosts: 44: test: /etc/hosts.deny: unexpected operator
* Starting DenyHosts denyhosts
But if I search for an error in either hosts.deny or hosts.allow, can't find any:
sudo test -e /etc/hosts.allow
sudo test -e /etc/hosts.deny
And before I forget, my /etc/denyhosts.conf
file :
...
# Most operating systems:
HOSTS_DENY = /etc/hosts.deny
#
# Some BSD (FreeBSD) Unixes:
HOSTS_DENY = /etc/hosts.allow
...
As the comment says, /etc/hosts.allow is apparently used on some BSD Unixes. Is this the problem? In some guides i've read for Ubuntu, apparently this is not.
EDIT:
The /etc/init.d/denyhosts
file runs:
HOSTS_DENY=$(grep ^HOSTS_DENY $CONFIG | cut -d = -f 2)
which in my case returns both hosts.allow
and hosts.deny
.
Best Answer
You have both of those uncommented, so it's leading me to believe that denyhosts is using
/etc/hosts.allow
. Comment out the secondHOSTS_DENY
line and restart denyhosts.If you still get the emails, you need to add
SUSPICIOUS_LOGIN_REPORT_ALLOWED_HOSTS = NO
to your denyhosts.conf file. This requires DenyHosts 0.6 or higher. See this for details.You'll also need to create an
allowed-hosts
file with your trusted IP addresses, one per line. This goes in the same folder defined byWORK_DIR
in the configuration.