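1. Understanding DenyHosts

In day-to-day operations, servers are frequently subjected to SSH password brute-force attempts. DenyHosts is a tool written in Python 2.3 that uses /etc/hosts.deny to filter out these illegitimate cracking attempts. It checks the /var/log/secure log and tracks attempts coming from the same IP; when the number of failed logins reaches a preset value, that IP is blocked from logging in.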
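
The counting step described above, as an added example (not DenyHosts' own code): it parses sshd failure lines in the /var/log/secure format, counts them per source IP, and returns the hosts.deny lines a threshold would produce. The log lines, the threshold of 3 and the function names are constructed for illustration, and the `sshd: <ip>` entry form is assumed TCP-wrappers syntax.

```python
import re
from collections import Counter

# Constructed sample in the sshd format found in /var/log/secure (documentation IPs).
# The last line carries a user name that itself contains " from <ip> port <n> ssh2".
SAMPLE_SECURE_LOG = """\
Mar  3 10:01:11 host sshd[2101]: Failed password for root from 203.0.113.7 port 40112 ssh2
Mar  3 10:01:14 host sshd[2101]: Failed password for root from 203.0.113.7 port 40112 ssh2
Mar  3 10:01:19 host sshd[2104]: Failed password for invalid user admin from 203.0.113.7 port 40120 ssh2
Mar  3 10:02:02 host sshd[2110]: Failed password for alice from 198.51.100.20 port 51514 ssh2
Mar  3 10:02:09 host sshd[2110]: Accepted password for alice from 198.51.100.20 port 51514 ssh2
Mar  3 10:03:30 host sshd[2120]: Invalid user test from 192.0.2.55
Mar  3 10:03:32 host sshd[2120]: Failed password for invalid user test from 192.0.2.55 port 33990 ssh2
Mar  3 10:04:01 host sshd[2130]: Failed password for invalid user x from 192.0.2.99 port 1 ssh2 from 203.0.113.7 port 40200 ssh2
"""

# The user name is remote-controlled text, so the address is taken only from the
# end of the line, where sshd itself writes it (greedy ".*" plus the "$" anchor).
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?.* "
    r"from (\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2\s*$"
)

def count_failures(log_text):
    """Return a Counter of failed password attempts per source IP."""
    counts = Counter()
    for line in log_text.splitlines():
        match = FAILED.search(line)
        if match:
            counts[match.group(1)] += 1
    return counts

def new_deny_entries(log_text, threshold, existing_deny=""):
    """Return 'sshd: <ip>' lines for IPs at or above threshold, skipping listed ones."""
    listed = set(re.findall(r"^sshd:\s*(\S+)", existing_deny, flags=re.M))
    return [
        f"sshd: {ip}"
        for ip, hits in sorted(count_failures(log_text).items())
        if hits >= threshold and ip not in listed
    ]

if __name__ == "__main__":
    # Threshold 3 is an illustrative value, not a DenyHosts default.
    for entry in new_deny_entries(SAMPLE_SECURE_LOG, threshold=3):
        print(entry)
```
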

2. Installing DenyHosts with a script

[root@localhost ~]# cat install_denyhosts.sh ## fully automated install script

#!/bin/bash

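###1.download and unpack.
# NOTE: the tarball is fetched over plain HTTP and is not checked against a checksum or signature before being installed as root.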

wget http://jaist.dl.sourceforge.net/project/denyhosts/denyhosts/2.6/DenyHosts-2.6.tar.gz -P /usr/local/src/

tar zxf /usr/local/src/DenyHosts-2.6.tar.gz -C /usr/src/


###2.install denyhosts

cd /usr/src/DenyHosts-2.6

python setup.py install


###3.add service control scripts

cd /usr/share/denyhosts/

cp daemon-control-dist daemon-control

chown root daemon-control

chmod 700 daemon-control

ln -s /usr/share/denyhosts/daemon-control /etc/init.d/denyhosts

chkconfig --add denyhosts

chkconfig denyhosts on


###4.set up the config and start the service
# strip comment lines and blank lines from the sample config to produce denyhosts.cfg

grep -v "^#" denyhosts.cfg-dist |grep -v "^$">denyhosts.cfg

echo "/usr/share/denyhosts/daemon-control start" >>/etc/rc.local

/etc/init.d/denyhosts start


3. Testing

linuxfan@sggfu:~$ ssh root@192.168.100.100

welcome to linuxfan.cn

root@192.168.100.100's password: 

Permission denied, please try again.

root@192.168.100.100's password: 

Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).  ## success

linuxfan@sggfu:~$ ssh root@192.168.1.104

ssh_exchange_identification: read: Connection reset by peer