When it comes to protecting SShd which is better to use
they both protect against attackers trying to guess or brute force their way into the box through ssh.
is there any benefit of one over the other ?
DenyHosts is a Python script that analyzes the sshd server log messages to determine what hosts are attempting to hack into your system. It also determines what user accounts are being targeted. It keeps track of the frequency of attempts from each host.DenyHosts is designed for the use by Linux system administrators, the script can be useful to anybody running an sshd server.
I'm running ubuntu 13.10 (not LTS, I know...). I have denyhosts installed. I have /etc/hosts.deny and /etc/hosts.allow. I've added 2 ips to hosts.allow (home+work). However, whenever I sign in from these ips, I get an email telling me a suspicious sign-in occurred.
I've tried formatting my hosts.allow file in 2 different ways.
I recently installed DenyHosts and after a few remote logins I noticed that sshd: 126.96.36.199 had been added to the host.deny file after /var/log/auth.log showed a few sshd: Did not receive identification string from 188.8.131.52. This appears to be no-ip.com.
denyhosts is installed and working. however it is insensitive. The secure log file is registering attempts, however the number captured by denyhosts is much smaller. Below is an example of a log entry that is not captured:
Jun 17 04:47:01 server sshd: Received disconnect from 184.108.40.206: 11: Bye Bye
I have been trying to set up my MacOS X Server, which I recently upgraded to Mountain Lion, to use denyhosts as I need to open port 22 to it. denyhosts is set up and adds entries to /etc/hosts.deny so I decided to add my laptops IP to it in order to verify that it actually works but I can still log in and my IP shows up in /private/var/log/system.log.