This Is Your Brain On Informatics: DenyHosts

From Pathology Education Instructional Resource
Jump to: navigation, search

DenyHosts is a firewall that is built for the Linux OS and is probably the easiest way to secure a server. This program prevents unauthorized access to the server by blocking an IP address after a set number of unsuccessful attempts have been made.

Installing DenyHosts

Currently, as of writing this wiki page (12/01/13), the easiest way to install DenyHosts is to use aptitude by typing in the following command.

aptitude install denyhosts

Important Files

There are two important files in DenyHosts in order to make sure that it runs properly: hosts.deny and hosts.allow. The location of both of these files can be found in common pathnames.


This file stores the IP addresses that have been denied access to the server through ssh. If the server is active, this file will fill up rapidly. The importance of this file lies in the fact that it will also deny your IP address if you attempt to unsuccessfully log into the server more than the set number of times (this can also occur if DenyHosts is glitching). If this is the case, open the file on the actual server (through the virtual machine if that is how the server was built) and delete the appropriate IP address. Then reboot the machine.


This file gives permanent ssh access to IP addresses listed inside by preventing them from being placed in the hosts.deny file. This file can be used if DenyHosts is glitching and constantly placing your IP address in hosts.deny. The syntax for permanently allowing an IP address to ssh into the server is shown below.

ALL: (or whatever your IP address is)