9

I have setup Denyhosts to run on my server, and have been using it succesfully for the last few weeks, to allow me to ssh into my server from my home dev machine.

This morning, I accidentally typed my password incorrectly three times - and ended up being locked out of the system (tghat was ok, because that was what was supposed to happen). I logged into the server via another way and took the following actions (in the order given)

  1. /etc/init.d/ssh stop
  2. /etc/init.d/denyhosts stop
  3. removed my IP address from /etc/hosts.deny
  4. /etc/init.d/ssh start
  5. /etc/init.d/denyhosts start

Between steps 4 and 5, I checked /etc/hosts.deny. I noticed that as soon as I started denyhosts, my IP address was added aagin to the hosts.deny file. It appearrs that denyhosts is cacheing this information somewhere and I cant get it to reset.

Does anyone know how I may resolve this?. I am running on Ubuntu 10.0.4

BTW the error message I get is:

sh_exchange_identification: Connection closed by remote host

[Edit]

I took a look in /var/lib/denyhosts and saw there were several entries for my IP address (changed here to 12.34.56.78). Why so many entries - and which one do I need to remove?

./hosts:12.34.56.78:6:Tue Aug 10 11:37:07 2010
./hosts-root:12.34.56.78:0:Mon Aug 9 09:04:36 2010
./hosts-valid:12.34.56.78:0:Mon Aug 9 09:04:36 2010

Improve this question

1 Answer 1

Reset to default
9

Check files in /var/lib/denyhosts/ as your IP is stored there too. For the future, add your IP to /etc/hosts.allow:

ALL: xx.xx.xx.xx
Improve this answer
7
  • 1
    +1 I was not aware that that directory existed. I have edited my question to reflect that.
    – morpheous
    Commented Aug 10, 2010 at 12:27
  • Can't explain why there are so many entries. When I also run in that problem, I just cleared all occurences of my IP and added it to /etc/hosts.allow.
    – weeheavy
    Commented Aug 10, 2010 at 12:33
  • 1
    BTW I can't add my IP address to hosts.allow because I do not have a static IP address.
    – morpheous
    Commented Aug 10, 2010 at 12:34
  • Maybe this helps you: denyhosts.sourceforge.net/faq.html#3_7 You can define multiple IPs and hostnames which will never be denied. Maybe there's a pattern of the hostnames that you're logging in.
    – weeheavy
    Commented Aug 10, 2010 at 12:40
  • 1
    No. Thats obviously a security risk. I almost suggested earlier that I did not want to enter a pattern to be matched since it would open up security holes - but thought it was too obvious - so I left it out - only for you to recommend it ;). Anyway, I guessed the file to change, based on the entry date (I chose the latest entry - which was today). I have been ssh'ing onto the remote machine succesffuly previously, until today, so I looked at the file that had the most recent change (hosts). I stopped and started denyhosts (not restart like I did before) - and I can login successfully now.
    – morpheous
    Commented Aug 10, 2010 at 13:14

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .