Tutorial

How To Install DenyHosts on Ubuntu 12.04

Published on June 15, 2012

How To Install DenyHosts on Ubuntu 12.04

Status: Deprecated

This article covers a version of Ubuntu that is no longer supported. If you are currently operate a server running Ubuntu 12.04, we highly recommend upgrading or migrating to a supported version of Ubuntu:

Reason: Ubuntu 12.04 reached end of life (EOL) on April 28, 2017 and no longer receives security patches or updates. This guide is no longer maintained.

See Instead:
This guide might still be useful as a reference, but may not work on other Ubuntu releases. If available, we strongly recommend using a guide written for the version of Ubuntu you are using. You can use the search functionality at the top of the page to find a more recent version.

About DenyHosts

DenyHosts is a security tool written in python that monitors server access logs to prevent brute force attacks on a virtual private server. The program works by banning IP addresses that exceed a certain number of failed login attempts.

Step One—Install Deny Hosts

DenyHosts is very easy to install on Ubuntu

 sudo apt-get install denyhosts

Once the program has finished downloading, denyhosts is installed and configured on your virtual private server.

Step Two—Whitelist IP Addresses

After you install DenyHosts, make sure to whitelist your own IP address. Skipping this step will put you at risk of locking yourself out of your own machine.

Open up the list of allowed hosts allowed on your VPS:

sudo nano /etc/hosts.allow

Under the description, add in any IP addresses that cannot afford to be banned from the server; you can write each one on a separate line, using this format:

sshd: 12.34.45.678

After making any changes, be sure to restart DenyHosts so that the new settings take effect on your virtual private server:

sudo /etc/init.d/denyhosts restart

Step Three—(Optional) Configure DenyHosts

DenyHosts is ready use as soon as the installation is over.

However if you want to customize the behavior of DenyHosts on your VPS, you can make the changes within the DenyHost configuration file:

sudo nano /etc/denyhosts.conf

By Etel Sverdlov

Thanks for learning with the DigitalOcean Community. Check out our offerings for compute, storage, networking, and managed databases.

Learn more about our products

About the authors

Etel Sverdlov

author

Still looking for an answer?

Ask a question Search for more help

Was this helpful?

10 Comments

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Mace • February 14, 2015

I don’t have an static IP address but I do you a dynamic service could I use a FQDN?

“sshd: 12.34.45.678” could use “sshd: myhouse.domainname.ext” instead?

FranciscoLuz • September 5, 2014

Denyhots is no longer available on Ubuntu 14.04. Check this out.

chassnider • May 19, 2014

Note that denyhosts is no long maintained in 14.04LTS http://askubuntu.com/questions/433924/package-denyhosts-in-ubuntu-trusty-tahr-is-deleted-temporary-or-forever

luke601846 • March 31, 2014

When I attempted to restart denyhosts using the following line given in the tutorial, I got a command not found error:

sudo /etc/init.d/denyhosts restart

But the following command worked:

sudo service denyhosts restart

Should this be changed in the tutorial? Thanks for the article.

adelsolar1 • February 11, 2014

Dreni228, try a purge first, it will (it should) delete ALL traces of a package:

sudo apt-get purge fail2ban

and then reinstall again, maybe it will work

dreni228 • January 16, 2014

I have removed fail2ban from the server and then i tried to install again. But now, when i Enable the fail2ban i get this error: ERROR /etc/fail2ban/fail2ban.conf and /etc/fail2ban/fail2ban.local do not exist

How can i fix this?

Kamal Nasser

DigitalOcean Employee