Tutorial
How To Install DenyHosts on Ubuntu 12.04
Status: Deprecated
This article covers a version of Ubuntu that is no longer supported. If you are currently operate a server running Ubuntu 12.04, we highly recommend upgrading or migrating to a supported version of Ubuntu:
- Upgrade to Ubuntu 14.04.
- Upgrade from Ubuntu 14.04 to Ubuntu 16.04
- Migrate the server data to a supported version
Reason: Ubuntu 12.04 reached end of life (EOL) on April 28, 2017 and no longer receives security patches or updates. This guide is no longer maintained.
See Instead:
This guide might still be useful as a reference, but may not work on other Ubuntu releases. If available, we strongly recommend using a guide written for the version of Ubuntu you are using. You can use the search functionality at the top of the page to find a more recent version.
About DenyHosts
DenyHosts is a security tool written in python that monitors server access logs to prevent brute force attacks on a virtual private server. The program works by banning IP addresses that exceed a certain number of failed login attempts.
Step One—Install Deny Hosts
DenyHosts is very easy to install on Ubuntu
sudo apt-get install denyhosts
Once the program has finished downloading, denyhosts is installed and configured on your virtual private server.
Step Two—Whitelist IP Addresses
After you install DenyHosts, make sure to whitelist your own IP address. Skipping this step will put you at risk of locking yourself out of your own machine.
Open up the list of allowed hosts allowed on your VPS:
sudo nano /etc/hosts.allow
Under the description, add in any IP addresses that cannot afford to be banned from the server; you can write each one on a separate line, using this format:
sshd: 12.34.45.678
After making any changes, be sure to restart DenyHosts so that the new settings take effect on your virtual private server:
sudo /etc/init.d/denyhosts restart
Step Three—(Optional) Configure DenyHosts
DenyHosts is ready use as soon as the installation is over.
However if you want to customize the behavior of DenyHosts on your VPS, you can make the changes within the DenyHost configuration file:
sudo nano /etc/denyhosts.conf
Thanks for learning with the DigitalOcean Community. Check out our offerings for compute, storage, networking, and managed databases.
author
This textbox defaults to using Markdown to format your answer.
You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!
Become a contributor for community
Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.
DigitalOcean Documentation
Full documentation for every DigitalOcean product.
Resources for startups and SMBs
The Wave has everything you need to know about building a business, from raising funding to marketing your product.
The developer cloud
Scale up as you grow — whether you're running one virtual machine or ten thousand.
Get started for free
Sign up and get $200 in credit for your first 60 days with DigitalOcean.*
*This promotional offer applies to new accounts only.
Can you run denyhost and fail2ban together or will they step on each other?
You can use them together if you wish—they should not really interfere with each other.
Hello! Nice tutorial, but i have put on hosts.allow my ip to connect via ssh but the denyhost automaticlly put some ip on hosts.deny. Need some specific configuration? why do not recognise the hosts.allow ip? best regards
Hi, please paste your hosts.allow file there may be a typo or it may be misconfigured which is why you had that issue.
you need to sudo before using nano to edit those files
Updated! Thank you!
better yet, use sudoedit instead of sudo nano
If I reboot my VPS, will the rules still be in place?
I know that most users reading this tutorial has already followed other tutorials which explain the nano editor commands to save (ctrl+x, y, enter), but mentioning them here will be useful for novice.
What would you do if the ip you allow changes for was on a dynamic ip?