Shulou(Shulou.com)06/01 Report--

In this issue, the editor will bring you about how to use DenyHosts in Centos7 to prevent ssh from being violently cracked. The article is rich in content and analyzes and narrates it from a professional point of view. I hope you can get something after reading this article.

Download the DenyHosts package

[root@localhost ~] # wget http://jaist.dl.sourceforge.net/project/denyhosts/denyhosts/2.6/DenyHosts-2.6.tar.gz

Install DenyHosts

[root@localhost ~] # tar xf DenyHosts-2.6.tar.gz [root@localhost ~] # cd DenyHosts-2.6 [root@localhost DenyHosts-2.6] # python setup.py install

Make a configuration file

[root@localhost DenyHosts-2.6] # cp denyhosts.cfg-dist / etc/denyhosts.cfg [root@localhost DenyHosts-2.6] # cp daemon-control-dist daemon-control [root@localhost DenyHosts-2.6] # chown root daemon-control [root@localhost DenyHosts-2.6] # chmod 700 daemon-control

Modify the configuration file

Change # DENYHOSTS_CFG = "/ usr/share/denyhosts/denyhosts.cfg" in daemon-control to DENYHOSTS_CFG = "/ etc/denyhosts.cfg"

Start

[root@localhost DenyHosts-2.6] #. / daemon-control start (pay attention to relative paths)

Test another server to connect remotely to 172.16.1.16

Five times are allowed by default, and it is not allowed to log in after the test found that the login failed five times.

[root@localhost ~] # ssh abc@172.16.1.16abc@172.16.1.16's password: Permission denied, please try again.abc@172.16.1.16's password: Permission denied, please try again.abc@172.16.1.16's password: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password). [root@localhost ~] # [root@localhost ~] # ssh abc@172.16.1.16abc@172.16.1.16's password: Permission denied Please try again.abc@172.16.1.16's password: Permission denied, please try again.abc@172.16.1.16's password: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password). [root@localhost ~] # ssh abc@172.16.1.16abc@172.16.1.16's password: Permission denied, please try again.abc@172.16.1.16's password: Permission denied, please try again.abc@172.16.1.16's password: Permission denied (publickey Gssapi-keyex,gssapi-with-mic,password). [root@localhost ~] # ssh abc@172.16.1.16abc@172.16.1.16's password: Permission denied, please try again.abc@172.16.1.16's password: Permission denied, please try again.abc@172.16.1.16's password: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password). [root@localhost ~] # ssh abc@172.16.1.16ssh_exchange_identification: read: Connection reset by peer

View the hosts.deny file

After successive failed login, the ip address will be written in the hosts.deny file.

Ip of 172.16.1.112 has been restricted to the implementation of this function.

This is how to use DenyHosts to prevent ssh from being violently cracked in the Centos7 shared by the editor. If you happen to have similar doubts, you might as well refer to the above analysis to understand. If you want to know more about it, you are welcome to follow the industry information channel.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.