Blog

2011
- 12
- 11
- 10
- 09
- 08
- 07
- 06
- 05
- 04
- 03
- 02
- 01

2010
- 12
- 11
- 10
- 09
- 08
- 07
- 06
- 05
- 04
- 03
- 02
- 01

2008
- 12
- 11
- 10
- 09
- 08
- 07
- 06
- 05
- 04
- 03
- 02
- 01

2007
- 12
- 11
- 10
- 09
- 08
- 07
- 06
- 05
- 04
- 03
- 02
- 01

2006
- 12
- 11
- 10
- 09
- 08
- 07
- 06
- 05
- 04
- 03
- 02
- 01

2005
- 12
- 11
- 10
- 09
- 08
- 07
- 06
- 05
- 04
- 03
- 02
- 01

Posted 2011/05/24

How to unblock an IP which was blocked by denyhosts

Denyhosts is a program for blocking an IP address after a number of failed ssh connection attempts. This is a very simple way to stop ssh brute force attacks on your machines. Every now and then a user manages to get an IP blocked by typing their password in incorrectly several times. This is how you remove their IP form the blocked list.

First you need to find the IP you need to unblock. You can do this by grepping for the username in /var/log/secure*

Once you know the IP you must remove it from every file used by denyhosts. Assuming the IP to unblock is 1.2.3.4, this is how to unblock it.


sudo /etc/init.d/denyhosts stop 

cd /usr/share/denyhosts/data/ 

sudo grep "1.2.3.4" * /etc/host* 

sudo vi hosts 

sudo vi hosts-restricted 

sudo vi hosts-valid  

sudo vi users-hosts 

sudo vi hosts-root 

sudo /etc/init.d/denyhosts start

Remove every occurrence of 1.2.3.4 from any file you find using the grep.