Hello Mark,

You can start DH in debug mode to get more detailed logs.  You should 
probably stop DH, clear the host(s) from /etc/hosts.deny AND from your 
WORK_DIR/* files -- those files contain the number of failures, so if they 
already exceed the allowed number it's probable that they are causing the 
lockouts.  After they are cleared, restart DH.  You can either start it w/ 
debug (/etc/init.d/denyhosts start --debug) or afterwards by sending the 
process a SIGUSR1 signal, e.g.  kill -SIGUSR1 <pid of denyhosts>

Regards,

Phil




On Fri, 27 May 2011, Mark Seger wrote:

> First - very cool tool.  I've only been using it for a few hours but
> already it's added a bunch of entries to my /etc/hosts.deny file.
>
> But now my dilemma, and I'm sure you've heard this before and so maybe
> an entry in the FAQ could help stop people like me from pestering you?
>
> My config at home is a PC running vista at 192.168.1.100 and a
> workstation running RHEL5.3 at 192.168.1.104.  When I run denyhosts
> both addresses are marked as denied so I commented them out in
> /etc/hosts.deny and sure enough, they got flagged again a little
> later.  Next I did a tail -f on /etc/hosts.deny and got on with my
> work.  When I opened a putty window to my linux box up it popped and
> asked for a username, so it was still a valid host.  BUT seconds after
> I closed the window without even trying to log in, both my pc's
> address AND the linux box were added to /etc/hosts.deny again.
>
> Now here's the real mystery - I thought denyhosts watches
> /var/log/secure for failed login attempts.  But here's the tail of
> that log, noting 'poker' is my linux box.
>
> May 27 08:35:06 poker sshd[19524]: Connection closed by 192.168.1.100
>
> this raises several questions, first and foremost, is if there wasn't
> a failed login, why was host 100, the vista box, denied?  Furthermore,
> why was the address of my linux box itself added to /etc/hosts.deny?
>
> I did see in the faq I can always add an allow-hosts file to my
> workdir, but I'd really like to know what's going on here.  Part of me
> thinks it may be a simple config setting but I have no idea what it
> might be.
>
> One last thing, here's the tail of the denyhosts log:
>
> 2011-05-27 08:35:20,801 - denyhosts   : INFO     new denied hosts:
> ['192.168.1.100', '192.168.1.104']
>
> doesn't really say why the hosts were denied.  Is there a way to make
> the log more verbose or somewhere else to look for more detail?
>
> -mark
>
> _______________________________________________
> Denyhosts-user mailing list
> Denyhosts-user@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/denyhosts-user
>

-- 

Regards,

Phil Schwartz
http://www.phil-schwartz.com

Open Source Projects:

DenyHosts: http://www.denyhosts.net
Kodos: http://kodos.sourceforge.net
ReleaseForge: http://releaseforge.sourceforge.net
Scratchy: http://scratchy.sourceforge.net
FAQtor: http://faqtor.sourceforge.net

Become a fan of DenyHosts:

http://www.facebook.com/pages/DenyHosts/58269629216
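
The clearing step described in the reply above, as an added example that is not part of the original message and is not DenyHosts code: a POSIX shell helper that deletes every line mentioning a given address from hosts.deny and from each file in WORK_DIR. The function names are hypothetical, and it assumes each entry sits on a single line; run it only while DenyHosts is stopped.

```shell
#!/bin/sh
# Added example (not DenyHosts code). Typical call, with DenyHosts stopped and
# WORK_DIR taken from your DenyHosts configuration:
#   purge_everywhere /etc/hosts.deny "$WORK_DIR" 192.168.1.100 192.168.1.104

# ip_pattern IP -> ERE that matches IP only as a whole address, so that
# clearing 192.168.1.10 never touches an entry for 192.168.1.100.
ip_pattern() {
    esc=$(printf '%s' "$1" | sed 's/\./\\./g')
    printf '(^|[^0-9.])%s([^0-9.]|$)' "$esc"
}

# purge_ip IP FILE -> rewrites FILE without lines naming IP and prints how
# many lines were dropped.
purge_ip() {
    pat=$(ip_pattern "$1")
    tmp=$(mktemp) || return 1
    # grep exits 1 when nothing is left to print; only 2 and above is an error
    grep -Ev "$pat" "$2" > "$tmp" || [ $? -eq 1 ] || { rm -f "$tmp"; return 1; }
    removed=$(( $(wc -l < "$2") - $(wc -l < "$tmp") ))
    cat "$tmp" > "$2"    # write in place: keeps owner, mode and inode
    rm -f "$tmp"
    echo "$removed"
}

# purge_everywhere DENY_FILE WORK_DIR IP... -> prints total lines removed
# across DENY_FILE and every regular file directly inside WORK_DIR.
purge_everywhere() {
    deny=$1; work=$2; shift 2
    total=0
    for ip in "$@"; do
        for f in "$deny" "$work"/*; do
            [ -f "$f" ] || continue
            n=$(purge_ip "$ip" "$f") || return 1
            total=$(( total + n ))
        done
    done
    echo "$total"
}
```

A total of 0 means the address was not recorded anywhere, so stale failure counts are not the cause of the lockout.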

