denyhosts keeps adding back my IP
This worked for me on CentOS. Follow the 8 steps below and you should be good to go.
1. Stop DenyHosts
# service denyhosts stop
2. Remove the IP address from /etc/hosts.deny
3. Edit /var/lib/denyhosts/hosts and remove the lines containing the IP address. Save the file.
4. Edit /var/lib/denyhosts/hosts-restricted and remove the lines containing the IP address. Save the file.
5. Edit /var/lib/denyhosts/hosts-root and remove the lines containing the IP address. Save the file.
6. Edit /var/lib/denyhosts/hosts-valid and remove the lines containing the IP address. Save the file.
7. Edit /var/lib/denyhosts/users-hosts and remove the lines containing the IP address. Save the file.
(optional) Consider adding the IP address to /var/lib/denyhosts/allowed-hosts
8. Start DenyHosts
# service denyhosts start
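The file edits in the steps above can be done in one pass. The script below is an added example, not part of the original answer: the function names (ip_regex, purge_ip, demo) and the sample lines are constructed for illustration. It matches the address as a whole token, so removing 10.0.0.1 leaves entries for 10.0.0.10 untouched, and it keeps a .bak copy of each file it changes.

```shell
#!/bin/sh
# Added example (not from the original answer): purge one IPv4 address from
# the DenyHosts files listed in the steps above. Run it while DenyHosts is
# stopped, otherwise the daemon can write the entry back.

DENYHOSTS_FILES="hosts hosts-restricted hosts-root hosts-valid users-hosts"

# ip_regex IP: print an ERE that matches IP only as a whole address, so that
# purging 10.0.0.1 leaves lines for 10.0.0.10 and 110.0.0.1 alone.
ip_regex() {
    esc=$(printf '%s' "$1" | sed 's/\./\\./g')
    printf '(^|[^0-9.])%s([^0-9.]|$)' "$esc"
}

# purge_ip IP [WORK_DIR] [HOSTS_DENY]: print the number of lines removed.
# Every file that changes gets a .bak copy first. Default paths are the ones
# the answer gives; pass other paths to try it on copies.
purge_ip() {
    ip=$1
    work_dir=${2:-/var/lib/denyhosts}
    hosts_deny=${3:-/etc/hosts.deny}
    # Accept only a dotted quad; this also keeps regex metacharacters out.
    printf '%s\n' "$ip" | grep -Eq '^[0-9]{1,3}(\.[0-9]{1,3}){3}$' || return 2
    re=$(ip_regex "$ip")
    set -- "$hosts_deny"
    for name in $DENYHOSTS_FILES; do set -- "$@" "$work_dir/$name"; done
    removed=0
    for f in "$@"; do
        [ -f "$f" ] || continue
        hits=$(grep -Ec "$re" "$f" || true)
        [ "$hits" -gt 0 ] || continue
        cp -p "$f" "$f.bak"
        # grep -v exits 1 when nothing is left to print; that is not an error.
        grep -Ev "$re" "$f.bak" > "$f" || [ $? -eq 1 ] || return 1
        removed=$((removed + hits))
    done
    echo "$removed"
}

# demo: run purge_ip against constructed sample files in a temp directory.
demo() {
    d=$(mktemp -d) || return 1
    printf 'sshd: 10.0.0.1\nsshd: 10.0.0.10\n' > "$d/hosts.deny"
    printf '10.0.0.1:0:Thu Jan  1 00:00:00 2015\n' > "$d/hosts"
    purge_ip 10.0.0.1 "$d" "$d/hosts.deny"
    cat "$d/hosts.deny"
    rm -rf "$d"
}
```

allowed-hosts is deliberately left out of the file list, since that is where the address is meant to stay.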
If the instructions above didn't help, maybe DenyHosts added the IP to the iptables firewall.
iptables -L -n -v | grep xxx.xxx.xxx.xxx
If you see something like this:
0 0 DROP all -- * * xxx.xxx.xxx.xxx 0.0.0.0/0
Remove the required IP from the firewall:
iptables -D INPUT -s xxx.xxx.xxx.xxx -j DROP
And restart networking to apply changes:
/etc/init.d/networking restart
Just add the IP that should always have access to the file /etc/hosts.allow.
That entry could look like:
ALL: 30.20.10.0/24
That way, even if it ends up in /etc/hosts.deny as well, the IP will still have access.
Mind the ALL before the IP; I see you forgot that with your echo statement.
References:
- http://its.virginia.edu/unixsys/sec/hosts.html
- http://linux.die.net/man/5/hosts.allow
The instructions to remove an entry for denyhosts can be found here: http://www.cyberciti.biz/faq/linux-unix-delete-remove-ip-address-that-denyhosts-blocked/. In Ubuntu the denyhosts data files are located at /var/lib/denyhosts.
- Make sure there are no entries that represent the domain name for your IP address in denyhosts.
- After removing all occurrences of your IP address and domain name from /etc/deny.hosts (/etc/hosts.deny for Ubuntu), if you are still unable to log in, check the authentication log, usually in /var/log/auth.log. It may give you clues to what your problem is.
- If you are running Linux on both the server and client, you may want to use ssh-copy-id so that you don't need a password to log in, to prevent locking yourself out by using the wrong password too many times in the future.
I had problems myself because I had a location saved in Dolphin on KDE to my server using sftp. Dolphin uses your current username to try logging in, which was getting my IP added to the hosts.deny file.