I would like to urge the Debian team to continue to support DenyHosts. Yes,
on the outside it appears that Fail2ban and DenyHosts do the same thing.
But DenyHosts has a couple of advantages. It can be installed and useful
with nothing more than the appropriate "apt-get install ...". I always have
to configure Fail2ban. The second advantage it has is that it pulls a list
of known cyber-thugs from a central server so I know that if someone has
been trying to knock down doors elsewhere my SSH server is already
fortified against them.

On the other hand DenyHosts has an "Achilles heel". By using the
"hosts.deny" file to block SSH access the cyber-thugs can DOS an SSH server
relatively easily by loading it up with banned connect attempts.

Due to the advantages and problems of DenyHosts I prefer to run *both*
DenyHosts and Fail2ban. The default config of Fail2ban will catch on to SSH
accesses blocked by DenyHosts and elevate the ban to the firewall,
preventing the SSH server from being pushed to its connection limit.
Unless, of course, it's a DDOS attack. :-)

I suppose if Fail2ban had a /global/ server that tracked bans then I would
shift to Fail2ban only. But for the time being I use both. I will be using
an old DenyHosts package until such time as the Debian team chooses to
support this again.

Thanks for your time,
Jon

-- 
Sent from my Debian Linux workstation -- http://www.debian.org/intro/about

Jon Foster
JF Possibilities, Inc.
j...@jfpossibilities.com
541-410-2760
Making computers work for you!
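
An added example, not part of the original message and not Fail2ban's own code: a sketch of the escalation described above, where refusals produced by hosts.deny are counted per address so that repeat offenders can be moved to a firewall rule. The "refused connect from" log format, the thresholds, the year argument and the function name are assumptions, and the log lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample of an auth log. The "refused connect from" lines assume
# the message TCP wrappers logs when hosts.deny rejects a client.
SAMPLE_LOG = """\
Mar  3 10:00:01 host sshd[2101]: refused connect from 203.0.113.7 (203.0.113.7)
Mar  3 10:00:05 host sshd[2102]: refused connect from 203.0.113.7 (203.0.113.7)
Mar  3 10:00:09 host sshd[2103]: refused connect from 203.0.113.7 (203.0.113.7)
Mar  3 10:01:00 host sshd[2104]: refused connect from 198.51.100.20 (198.51.100.20)
Mar  3 10:02:00 host sshd[2105]: Failed password for root from 192.0.2.50 port 4242 ssh2
Mar  3 10:30:00 host sshd[2106]: refused connect from 198.51.100.20 (198.51.100.20)
Mar  3 10:31:00 host sshd[2107]: refused connect from 198.51.100.20 (198.51.100.20)
"""

REFUSED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"refused connect from \S+ \((?P<ip>[0-9a-fA-F.:]+)\)\s*$"
)

def hosts_to_firewall(log_text, max_retry=3,
                      find_time=timedelta(minutes=10), year=2024):
    """Return IPs refused at least max_retry times within find_time.

    Hypothetical helper: thresholds are assumed values, and syslog
    timestamps carry no year, so one is supplied by the caller.
    """
    recent = defaultdict(deque)   # ip -> refusal times inside the window
    escalate = []                 # ips in the order they crossed the threshold
    for line in log_text.splitlines():
        m = REFUSED.match(line)
        if not m:
            continue              # not a hosts.deny refusal
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        window = recent[m["ip"]]
        window.append(ts)
        while ts - window[0] > find_time:
            window.popleft()      # drop refusals older than the window
        if len(window) >= max_retry and m["ip"] not in escalate:
            escalate.append(m["ip"])
    return escalate

if __name__ == "__main__":
    for ip in hosts_to_firewall(SAMPLE_LOG):
        print("candidate for firewall block:", ip)
```

The function only reports addresses; applying the block at the firewall is left to whatever tool manages the rules.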
