In today’s digital landscape, brute-force attacks are among the most common and effective methods hackers use to gain unauthorized access to servers. These attacks involve repeatedly attempting to guess the correct username and password for SSH (Secure Shell) access. To secure your server with DenyHosts on Ubuntu 24, this tool is essential as it blocks IP addresses responsible for repeated failed login attempts, helping to mitigate these attacks effectively.
In this blog post, we’ll walk you through the process of setting up and configuring DenyHosts on Ubuntu 24 to protect your SSH server from brute-force attacks.
Why Use DenyHosts?
Brute-force Protection: DenyHosts blocks IP addresses that have multiple failed login attempts, reducing the chance of a successful brute-force attack.
Customizable: You can configure the number of failed login attempts, the duration of the block, and other settings.
Lightweight: DenyHosts uses minimal system resources and integrates well with your existing SSH configuration.
Automatic Blocking: When an IP is blocked, the system adds it to the hosts.deny file, preventing future SSH login attempts from that IP.
Download the Latest Version of DenyHosts
wget https://github.com/denyhosts/denyhosts/archive/refs/heads/master.zipUnzip the downloaded file:
sudo apt install unzip
unzip master.zipNavigate to the extracted folder:
cd denyhosts-masterInstall Dependencies
Before installing DenyHosts, make sure your system has the necessary dependencies.
Install Python and dependencies:
sudo apt update
sudo apt install python3 python3-pip python3-setuptoolsInstall DenyHosts
sudo python3 setup.py installThis will install DenyHosts system-wide.
Configuring DenyHosts
Once DenyHosts is installed, you need to configure it to protect your SSH server.
Open the DenyHosts configuration file:
sudo nano /etc/denyhosts.confModify the configuration settings as per your requirements.
BLOCK_SERVICE: The service for which failed login attempts will be monitored. By default, DenyHosts watches SSH.
BLOCK_SERVICE = sshd
HOSTS_DENY: Defines the location of the hosts.deny file where the blocked IPs will be listed.
HOSTS_DENY = /etc/hosts.deny
ADMIN_EMAIL: The email address where you want to receive alerts when IP addresses are blocked.
ADMIN_EMAIL = your_email
DENY_THRESHOLD_INVALID: The number of invalid login attempts required before blocking an IP. Default is 5. You can adjust this to be more or less strict.
DENY_THRESHOLD_INVALID = 5
Checking DenyHosts Activity
Once DenyHosts is running, it will monitor your system logs for failed SSH login attempts and add offending IPs to the hosts.deny file.
To check which IPs have been blocked:
Check the contents of the hosts.deny file:
cat /etc/hosts.denyBlocked IPs will be listed here, and any IP that exceeds the failed login attempts threshold will be denied access to your server.
Whitelist Trusted IPs
If you have a trusted IP (such as your own or a specific set of IP addresses), you can add it to the whitelist to prevent it from being blocked by DenyHosts.
To whitelist an IP, you need to add it to the hosts.allow file:
Edit the hosts.allow file:
sudo nano /etc/hosts.allowAdd the trusted IP (for example, to allow SSH access from a specific IP):
sshd: IP_addressThe trusted IP will now be allowed to access SSH even if it triggers failed login attempts.
In this blog, we’ve explored how to secure your server with DenyHosts on Ubuntu 24 to protect it from brute-force SSH attacks. By installing DenyHosts from source, configuring its settings, and creating a systemd service to manage it, you can significantly improve your server’s security.
For expert support on “How to Secure Your Server with DenyHosts on Ubuntu 24,” don’t hesitate to contact us. Our comprehensive server management services are designed to help you secure your server with denyhosts on Ubuntu 24, ensuring robust protection against security threats. Reach out today to enhance your server’s security and performance!
