denyhosts is an excellent utility to prevent brute-force SSH attacks against your server. One shortcoming it has is that it is difficult to get a blacklisted IP address back out of the, well, blacklist. Simply removing its entry from /etc/hosts.deny will not keep denyhosts from doing its job of blocking what it deemed to be a threat. So what to do? Enter this script (below). It’s yours for the taking.
Unlike other tools floating around on the interwebs, this one actually works. Upload it to your server and name it “denyhosts-remove”, place it in /usr/local/sbin, and make it executable a la
chmod +x /usr/local/denyhosts-remove
Invoke it via sudo or as root with no arguments for usage instructions.
Are SSH attacks against servers common? Have you had these attacks?
I know that I/we are dealing with trojans such as the Win 7 2012 as a higher rate than ever.
Anyway, I have been reading some of your posts as time allows; VERY well written & informative, albeit over my head at times.
I apologize for the belated reply. Yes, SSH attacks are very common, but easy to thwart in most cases. I’m glad you’ve taken the time to look over some of my posts. I will get to adding more soon.