I suspect that my log is in an unusual format. What sort of steps should I take to troubleshoot? Is there a doc somewhere I've overlooked that explains what denyhosts looks for in the logs, and what it ignores, and how to make it more verbose, etc.? Symptom seems to be that it eventually denies everyone. I've white-listed our local machines, but whenever someone tries to ssh in from outside our local net there is trouble. Thanks, Dave
On Jan 9, 2008 12:57 PM, Phil Schwartz <[EMAIL PROTECTED]> wrote: > > Check the files in your DH WORK_DIR (grep them) for one of the subnodes. > The number after the : indicates the number of hack attempts DH detected. > If this number seems incorrect, check your SECURE_LOG for that IP address > to determine if they were legit or not. If DH incorrectly identified them > as attacks then your SECURE_LOG is likely in an unusual format. > > You may also want to stop DH, remove the IP address(es) from the WORK_DIR > files, and the IP's to WORK_DIR/allowed-hosts and restart DH. > > Regards, > > Phil > > > On Wed, 9 Jan 2008, David Burns wrote: > > > I have a cluster master node running denyhosts (Thanks!), but I am > > confused because some of the subnodes get denied. I've put them into > > /etc/hosts.allow, so they don't actually lose access, but I do still > > get reports about them. Is there some documentation somewhere that > > would explain what to look for to find out what these nodes are doing > > that sets off denyhosts? I am pretty sure that there are no hackers > > with access to the subnodes trying to hack the master node - they're > > wired such that the only way to get to the nodes is through the > > master! > > Thanks in advance, > > Dave > > > > ------------------------------------------------------------------------- > > Check out the new SourceForge.net Marketplace. > > It's the best place to buy or sell services for > > just about anything Open Source. > > http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace > > _______________________________________________ > > Denyhosts-user mailing list > > [email protected] > > https://lists.sourceforge.net/lists/listinfo/denyhosts-user > > > > -- > Regards, > > Phil Schwartz > - http://www.phil-schwartz.com > > Open Source Projects: > - DenyHosts: http://www.denyhosts.net > - Kodos: http://kodos.sourceforge.net > - ReleaseForge: http://releaseforge.sourceforge.net > - Scratchy: http://scratchy.sourceforge.net > - FAQtor: http://faqtor.sourceforge.net > ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ _______________________________________________ Denyhosts-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/denyhosts-user
