I am trying to unblock an IP from which I was doing some tests. I have followed the tutorials on the net:
$ sudo /etc/init.d/denyhosts stop
$ sudo vim /etc/deny.hosts
[remove the last line where I can see my IP to clear]
$ cd /var/lib/denyhosts/
$ sudo vim *
[remove any occurrences of my IP to clear]
$ sudo /etc/init.d/denyhosts start
At this moment my IP reappears in /etc/deny.hosts. I also tried:
$ cd /var/lib/denyhosts/
$ echo '123.456.789.122' >> /var/lib/denyhosts/allowed-hosts
I also tried:
$ echo 'my.ip.to.clear' >> /etc/hosts.allow
Unfortunately the hosts.deny always takes precedence and refuses the ssh connection, as can be seen from the log file:
Feb 10 10:06:24 ks123456 sshd[22875]: refused connect from 123.456.789.122 (123.456.789.122)
ref: debian/6.0.4, denyhosts 2.6-10
This worked for me on CentOS. Follow the 8 steps below and you should be good to go.
Stop DenyHosts
# service denyhosts stop
Remove the IP address from /etc/hosts.deny
Edit /var/lib/denyhosts/hosts and remove the lines containing the IP address. Save the file.
Edit /var/lib/denyhosts/hosts-restricted and remove the lines containing the IP address. Save the file.
Edit /var/lib/denyhosts/hosts-root and remove the lines containing the IP address. Save the file.
Edit /var/lib/denyhosts/hosts-valid and remove the lines containing the IP address. Save the file.
Edit /var/lib/denyhosts/users-hosts and remove the lines containing the IP address. Save the file.
(optional) Consider adding the IP address to /var/lib/denyhosts/allowed-hosts
Start DenyHosts
# service denyhosts start
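The file edits in the steps above can be scripted. The following is an added example, not code from any of the answers: the function name and argument order are assumptions, the file names are the ones listed in the answer, and DenyHosts still has to be stopped before and started after. It matches the address as a whole token so that clearing one IP does not also unblock a longer address that merely contains it.

```shell
#!/usr/bin/env bash
# Added example: purge one IPv4 address from hosts.deny and the DenyHosts
# work files listed in the steps above. Run as root with DenyHosts stopped.
# The function name and argument order are choices made for this example.

denyhosts_purge_ip() {
    local ip deny_file work_dir pat f n rc tmp removed
    ip=$1
    deny_file=${2:-/etc/hosts.deny}
    work_dir=${3:-/var/lib/denyhosts}
    removed=0

    # Accept only a dotted quad so nothing unexpected reaches the regex.
    printf '%s\n' "$ip" | grep -Eq '^[0-9]{1,3}(\.[0-9]{1,3}){3}$' || {
        echo "not an IPv4 address: $ip" >&2
        return 2
    }

    # Match the address as a whole token: 10.0.0.5 must not hit 10.0.0.55.
    pat="(^|[^0-9.])$(printf '%s' "$ip" | sed 's/\./\\./g')([^0-9.]|\$)"

    for f in "$deny_file" "$work_dir/hosts" "$work_dir/hosts-restricted" \
             "$work_dir/hosts-root" "$work_dir/hosts-valid" "$work_dir/users-hosts"; do
        [ -f "$f" ] || continue
        rc=0
        n=$(grep -Ec "$pat" "$f") || rc=$?      # exit 1 only means "0 matches"
        [ "$rc" -le 1 ] || return 1
        [ "$n" -gt 0 ] || continue
        tmp=$(mktemp) || return 1
        grep -Ev "$pat" "$f" > "$tmp" || true   # exit 1 here: no lines left
        cat "$tmp" > "$f"                       # overwrite in place, keeps owner/mode
        rm -f "$tmp"
        removed=$((removed + n))
    done
    echo "$removed"                             # total lines removed
}

# Usage: sudo bash purge.sh <ip> [hosts.deny path] [work dir]
if [ "$#" -ge 1 ]; then denyhosts_purge_ip "$@"; fi
```

The printed number is the total count of lines removed across all files; 0 means the address was not recorded in any of them.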
The instructions to remove an entry for denyhosts can be found here: http://www.cyberciti.biz/faq/linux-unix-delete-remove-ip-address-that-denyhosts-blocked/. In Ubuntu the denyhosts data files are located at /var/lib/denyhosts.
/var/log/auth.log
It may give you clues to what your problem is. I had problems myself because I had a location saved in Dolphin on KDE to my server using sftp. Dolphin uses your current username to try logging in, which was getting my IP added to the hosts.deny file.
Just add the IP that should always have access to the file:
/etc/hosts.allow
That entry could look like:
ALL: 30.20.10.0/24
That way, even if it ends up in /etc/hosts.deny as well, the IP will still have access.
Mind the ALL before the IP, I see you forgot that with your echo statement.
If the instructions above didn't help, maybe denyhosts added the IP to the iptables firewall.
iptables -L -n -v | grep xxx.xxx.xxx.xxx
If you see something like that:
0 0 DROP all -- * * xxx.xxx.xxx.xxx 0.0.0.0/0
Remove required IP from firewall:
iptables -D INPUT -s xxx.xxx.xxx.xxx -j DROP
And restart networking to apply changes:
/etc/init.d/networking restart