Glenn Sieb wrote: > Ok.. further testing... > > So I tried some fake logins from my box, and get: > > /var/log/denyhosts: 2008-05-12 15:17:06,661 - denyhosts : INFO new > denied hosts: ['67.83.100.11'] > > /etc/hosts.deniedssh: #DenyHosts: Mon May 12 15:17:06 2008 | 67.83.100.11 > 67.83.100.11 > > Yet, I can still ssh in from that IP address: > > /var/auth.log: May 12 15:18:15 caduceus sshd[81033]: Failed password for > invalid user halb3 from 67.83.100.11 port 55148 ssh2 > May 12 15:18:17 caduceus last message repeated 2 times > May 12 15:18:29 caduceus sshd[81035]: Accepted publickey for ges from > 67.83.100.11 port 55150 ssh2 > > Hopefully this sheds some light?
Yes, I'm not sure if sshd uses libwrap.a or does its own parsing of hosts.deny and hosts.allow, but I suspect your line that says: sshd : /etc/hosts.deniedssh : deny That format I haven't used, and just barely remember having read about it but I'm not sure what options tcp_wrappers need in its Makefile for it to work. Anyway try adding banned IP addresses directly to hosts.deny (leave hosts.allow as it is). Test by stopping DH, change its configuration to use hosts.deny, and starting it. -- René Berber ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ _______________________________________________ Denyhosts-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/denyhosts-user
