S A I N T - 4 2 wrote: > I am looking at the log of denyhosts, and all I see is that I am getting > updates from the main server... But it looks like it never denies by itself.
Denyhosts only detects, sshd does the denying. In denyhost's log you'll see entries like the one below when the threshold set in your configuration is reached (DENY_THRESHOLD_INVALID or DENY_THRESHOLD_RESTRICTED or DENY_THRESHOLD_ROOT or DENY_THRESHOLD_VALID depending on the user name trying to login, and the time spanned also enters into account, AGE_RESET_INVALID, ...): Oct 24 14:01:04 - denyhosts : INFO new denied hosts: ['202.220.163.180'] > Also, if I look at the last IPs that attempted, I can see this: > ct 25 14:20:25 xenon sshd[24685]: Invalid user bind from 204.11.19.85 > Oct 25 14:20:25 xenon sshd[24688]: input_userauth_request: invalid user bind > Oct 25 14:20:25 xenon sshd[24688]: Received disconnect from > 204.11.19.85: 11: Bye Bye > Oct 25 14:20:26 xenon sshd[24692]: Received disconnect from > 204.11.19.85: 11: Bye Bye > > And when I look at the /etc/hosts.deny , none of the IPs are in here. > Only whats coming from the updates. > > Is it because I have the authentication with rsa keys only ? No, that has nothing to do with it. The first log line shown is good enough to trigger one count, just wait for more tries from the same IP. If you don't see something like this in your main log (messages or syslog), usually just below the lines you are showing: denyhosts: [user.info] Added the following hosts to /etc/hosts.deny - 202.220.163.180 (mm1.nwl.co.jp) Then either the threshold has not been reached, the DAEMON_SLEEP time hasn't elapsed, etc. Or DenyHosts is not working, watching the wrong log, not configured correctly, ... -- René Berber ------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/ _______________________________________________ Denyhosts-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/denyhosts-user
