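DenyHosts is a tool built specifically to defend against SSH brute-force attacks. It works as follows:
It monitors the SSH login log (for example /var/log/secure).
When it detects that an IP has failed to log in multiple times (exceeding the threshold), it automatically adds that IP to /etc/hosts.deny to block it.
Even if you manually delete the record from hosts.deny, DenyHosts periodically reloads its configuration, which causes the record to be added again.
Solution (replace the IP below with the actual IP):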
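# Remove the IP from every DenyHosts data file and from /etc/hosts.deny.
# Dots are escaped and \b anchors added (GNU sed) so that only this exact
# address is deleted, not e.g. 110.132.151.148.
sed -i '/\b10\.132\.151\.148\b/d' /usr/share/denyhosts/data/hosts
sed -i '/\b10\.132\.151\.148\b/d' /usr/share/denyhosts/data/hosts-restricted
sed -i '/\b10\.132\.151\.148\b/d' /usr/share/denyhosts/data/hosts-valid
sed -i '/\b10\.132\.151\.148\b/d' /usr/share/denyhosts/data/users-hosts
sed -i '/\b10\.132\.151\.148\b/d' /etc/hosts.deny
sed -i '/\b10\.132\.151\.148\b/d' /usr/share/denyhosts/data/hosts-root
# Confirm that no references remain (no output expected), then restart DenyHosts.
grep -w -F '10.132.151.148' /usr/share/denyhosts/data/* /etc/hosts.deny
/etc/init.d/denyhosts restart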
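The same cleanup as a reusable function, as an added example that is not part of the original page or of DenyHosts itself. The function names are hypothetical; it assumes GNU sed and the file paths used above, validates the argument as an IPv4 address, and matches it only as a whole address. The demo runs on constructed sample files whose line format is an assumption.

```shell
# Added example; function names are hypothetical, not part of DenyHosts.
# Default paths are the ones used in the steps above. Requires GNU sed.

# Build an ERE that matches the argument only as a whole IPv4 address.
_ip_regex() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 2
    printf '(^|[^0-9.])%s([^0-9.]|$)' "$(printf '%s' "$1" | sed 's/\./\\./g')"
}

# usage: denyhosts_unblock IP [DATA_DIR] [HOSTS_DENY]
denyhosts_unblock() {
    ip=$1 data=${2:-/usr/share/denyhosts/data} deny=${3:-/etc/hosts.deny}
    re=$(_ip_regex "$ip") || { echo "not an IPv4 address: $ip" >&2; return 2; }
    for f in "$data/hosts" "$data/hosts-restricted" "$data/hosts-root" \
             "$data/hosts-valid" "$data/users-hosts" "$deny"; do
        [ -f "$f" ] || continue          # skip files this install lacks
        sed -E -i "/$re/d" "$f"          # delete only lines naming this IP
    done
}

# Print how many lines in the data files and hosts.deny still name the IP.
denyhosts_refs() {
    ip=$1 data=${2:-/usr/share/denyhosts/data} deny=${3:-/etc/hosts.deny}
    re=$(_ip_regex "$ip") || return 2
    cat "$data"/* "$deny" 2>/dev/null | grep -Ec "$re" || true
}

# Demo on constructed sample files (not real DenyHosts data).
# Prints "<lines left for 10.132.151.148> <lines left for 110.132.151.148>".
denyhosts_demo() {
    d=$(mktemp -d) && mkdir "$d/data"
    printf '%s\n' '10.132.151.148:0:sample' '110.132.151.148:0:sample' > "$d/data/hosts"
    printf '%s\n' 'sshd: 10.132.151.148' 'sshd: 110.132.151.148' > "$d/hosts.deny"
    denyhosts_unblock 10.132.151.148 "$d/data" "$d/hosts.deny"
    a=$(denyhosts_refs 10.132.151.148 "$d/data" "$d/hosts.deny")
    b=$(denyhosts_refs 110.132.151.148 "$d/data" "$d/hosts.deny")
    rm -rf "$d"
    echo "$a $b"
}
```

Run `denyhosts_unblock <ip>` as root, check that `denyhosts_refs <ip>` prints 0, then restart DenyHosts as in the last step above.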