A lot of people become nervous (and understandably so) when checking their auth or security logs, in Centos /var/log/secure and see dozens, hundreds of even thousands of attempted logins to various services, especially SSH.

Of course you could manually block these people/IPs but no one has time to read the logs like that, what if some program or script could do it for you?

This is what denyhosts does for you, it checks the logs and based on a certain number of failed SSH attempts, automatically adds an entry with the offending IPs to /etc/hosts.deny

How to install denyhosts

yum -y install denyhosts


chkconfig denyhosts on


service denyhosts on

That's all there is to it and your system becomes more secure in just 3 commands and a few seconds of your time, in my opinion most Linux distros should have this enabled by default.  Just make sure you don't get you own IP blocked by numerous SSH auth failures.

linux, centos, ssh, bruteforce, dictionary, attacks, automatically, denyhostsa, understandably, auth, logs, var, dozens, logins, various, manually, ips, denyhosts, attempts, adds, entry, offending, etc, hosts, install, yum, chkconfig, commands, distros, enabled, default, ip, blocked, numerous, failures,

Latest Articles