Posted 2011/05/24

How to unblock an IP which was blocked by denyhosts

Denyhosts is a program for blocking an IP address after a number of failed SSH connection attempts. This is a very simple way to stop SSH brute-force attacks on your machines. Every now and then a user manages to get their own IP blocked by typing their password incorrectly several times. This is how you remove their IP from the blocked list.

First you need to find the IP you need to unblock. You can do this by grepping for the username in /var/log/secure*.

Once you know the IP you must remove it from every file used by denyhosts. Assuming the IP to unblock is 1.2.3.4, this is how to unblock it.

sudo /etc/init.d/denyhosts stop
cd /usr/share/denyhosts/data/
# -F treats the dots literally, -w stops 1.2.3.4 from also matching 11.2.3.4 or 1.2.3.40
sudo grep -Fw "1.2.3.4" * /etc/host*
sudo vi hosts
sudo vi hosts-restricted
sudo vi hosts-valid
sudo vi users-hosts
sudo vi hosts-root
sudo /etc/init.d/denyhosts start

Remove every occurrence of 1.2.3.4 from every file that the grep turns up.
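
The manual edits above can be scripted. The following is an added example, not part of the original post: remove_ip is a hypothetical helper, and the sample file contents in demo are constructed, assuming each denyhosts entry sits on its own line with the IP as a separate token.

```shell
#!/bin/sh
# Added example (not from the original post).
# remove_ip IP FILE...
#   Delete every line mentioning IP as a whole token from each FILE,
#   keep the previous contents in FILE.bak, print how many files changed.
# On a real host run it as root while denyhosts is stopped, e.g.:
#   remove_ip 1.2.3.4 /usr/share/denyhosts/data/* /etc/hosts.deny
remove_ip() {
    ip=$1
    shift
    # Refuse anything that is not a dotted quad: an empty or partial
    # pattern would match far more lines than intended.
    printf '%s\n' "$ip" | grep -Eqx '([0-9]{1,3}\.){3}[0-9]{1,3}' || {
        echo "not an IPv4 address: '$ip'" >&2
        return 2
    }
    changed=0
    for f in "$@"; do
        [ -f "$f" ] || continue
        # -F: dots are literal; -w: 1.2.3.4 must not match 11.2.3.4 or 1.2.3.40
        if grep -qFw -- "$ip" "$f"; then
            cp -p -- "$f" "$f.bak"
            # grep -v exits 1 when nothing is left (file held only this IP)
            grep -vFw -- "$ip" "$f.bak" > "$f" || true
            changed=$((changed + 1))
        fi
    done
    echo "$changed"
}

# Demo on constructed files in a temporary directory (no real system files).
demo() {
    d=$(mktemp -d)
    printf '%s\n' '1.2.3.4:5:Tue May 24 10:00:00 2011' \
                  '11.2.3.4:2:Tue May 24 10:01:00 2011' > "$d/hosts"
    printf '%s\n' 'sshd: 1.2.3.4' 'sshd: 1.2.3.40' > "$d/hosts.deny"
    echo "files changed: $(remove_ip 1.2.3.4 "$d/hosts" "$d/hosts.deny")"
    cat "$d/hosts" "$d/hosts.deny"
    rm -rf "$d"
}
demo
```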