Denyhosts

From SME Server
Revision as of 22:35, 6 July 2017 by Unnilennium (talk | contribs) (→‎Bugs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search


Denyhosts SSH

Devel 10:
Contrib 10:
Contrib 9:
smeserver-denyhosts
The latest version of smeserver-denyhosts is available in the SME repository, click on the version number(s) for more information.


Contrib 10:
Contrib 9:
denyhosts
The latest version of denyhosts is available in the SME repository, click on the version number(s) for more information.



Maintainer

Unnilennium aka Jean-Philippe PIALASSE (Contrib)

Description

  • Denyhosts bans hosts which failed too many login attempts to your ssh deamon.
  • It contains also a panel in the server manager to see who is blocked, add some allowed hosts not to block and enable or disable the service.


it needs the packages smeserver-denyhosts and denyhosts

Installation

  1. Log in (with username root) to the SMEserver console.
  2. Install smeserver-denyhosts
    /usr/bin/yum install smeserver-denyhosts --enablerepo=smecontribs
    You will get a y/N-question, answer y if it looks fine. There is no need to reboot the server.
  3. Open your webbrowser and go to the server-manager.
    Under "Security" there should be a new line named "SSH Denyhosts". You should go to it and configure all necessary allowed hosts before enabling the service. When done set status to 'enabled'.


Alternatively you can use the server-manager panel "Software installer" to add a new package and select smeserver-denyhosts (repo smecontribs must be enabled) then do the reconfiguration and reboot task, instead of steps 1 and 2, then refresh your browser and configure denyhosts,.


Editing configuration

Q) How can the denyhost configuration be customized?

A) You must copy the templates to the templates-custom directory and modify the appropriate fragments.

mkdir -p /etc/e-smith/templates-custom/etc/denyhosts.conf
cd /etc/e-smith/templates-custom/etc/denyhosts.conf/
cp ../../../templates/etc/denyhosts.conf/* .

Now edit the appropriate files. See the Denyhosts FAQ for details. When done make your changes effective:

signal-event conf-denyhosts


Q) How is an ip-address removed from the blocked list?

A) Edit the configuration file and and restart the service.

pico -w /etc/hosts.deny_ssh

Make required changes, then save & exit

ctrl + c

ctrl + x

/etc/init.d/denyhosts restart

precaution

when you edit the /etc/hosts.deny_ssh

you should delete both the IP and comment line otherwise it will not work

for example you want to let 192.168.3.3 to have access and you find this

# DenyHosts: Thu Feb 14 19:03:30 2013 | 192.168.1.1
192.168.1.1
# DenyHosts: Thu Feb 14 22:36:00 2013 | 192.168.2.2
192.168.2.2
# DenyHosts: Fri Feb 15 08:44:09 2013 | 192.168.3.3
192.168.3.3
# DenyHosts: Fri Feb 15 10:44:39 2013 | 192.168.n.n
192.168.n.n

if you delete only the IP (not the comment also) the block ban will not be raised for IP 192.168.3.3 after the restart of the service

# DenyHosts: Thu Feb 14 19:03:30 2013 | 192.168.1.1
192.168.1.1
# DenyHosts: Thu Feb 14 22:36:00 2013 | 192.168.2.2
192.168.2.2
# DenyHosts: Fri Feb 15 08:44:09 2013 | 192.168.3.3
# DenyHosts: Fri Feb 15 10:44:39 2013 | 192.168.n.n
192.168.n.n

or if you change to another IP it seems to don't work

# DenyHosts: Thu Feb 14 19:03:30 2013 | 192.168.1.1
192.168.1.1
# DenyHosts: Thu Feb 14 22:36:00 2013 | 192.168.2.2
192.168.2.2
# DenyHosts: Fri Feb 15 08:44:09 2013 | 192.168.3.3
192.168.a.a
# DenyHosts: Fri Feb 15 10:44:39 2013 | 192.168.n.n
192.168.n.n

you should delete both lines (IP + comment)

# DenyHosts: Thu Feb 14 19:03:30 2013 | 192.168.1.1
192.168.1.1
# DenyHosts: Thu Feb 14 22:36:00 2013 | 192.168.2.2
192.168.2.2
# DenyHosts: Fri Feb 15 10:44:39 2013 | 192.168.n.n
192.168.n.n

and then restart the service

/etc/init.d/denyhosts restart

Uninstall

yum remove smeserver-denyhosts denyhosts

or alternatively just remove them from the server-manager "Software installer"

Additional information

you can change the destination email account, instead of the default admin account, for this contribs using :

config setprop denyhosts AdminEmail youremail@yourdomaine.tld
signal-event conf-denyhosts


Check installed version

yum info installed smeserver-denyhosts

Bugs

Please raise bugs under the SME Contribs section in bugzilla .


IDProductVersionStatusSummary (2 tasks)
12582SME Contribs10.0UNCONFIRMEDDenyhosts ValidFrom from Configurations DB not used
10430SME Contribs9.3UNCONFIRMEDSSH Denyhosts Web panel does not support entry of range of "Authorized IP"

Changelog

Only released version in smecontrib are listed here.

smeserver-denyhosts Changelog: SME 10 (smecontribs)
2022/07/30 Jean-Philippe Pialasse 2.9-19.sme
- add Provides perl(esmith::FormMagick::Panel::denyhosts)
2022/07/30 Brian Read 2.9-18.sme
- Re-build and link to latest devtools [SME: 11997]
2022/07/22 Jean-Philippe Pialasse 2.9-17.sme
- add to core backup [SME: 12003]

2021/12/09 Jean-Philippe Pialasse 2.9-16.sme
- Re-build and link to latest devtools log path [SME: 11804]

- Re-build and link to latest devtools multiple rpm owner [SME: 11677]
2021/08/22 Terry Fage 2.9-15.sme
- apply locale 2021-08-21 patch