最近登录SSH总是遇到莫名其妙的不能登录,查看登录日志发现好多的恶意IP来尝试破解root,主机商强烈建议安装denyhosts。只好把安装步骤给记录一下咯!
环境检查
ldd /usr/sbin/sshd|grep libwrap //确认 sshd 链接了 libwrap(tcp_wrappers):DenyHosts 是通过写 /etc/hosts.deny 来封禁的,sshd 没有 libwrap 时这个文件不会生效。
libwrap.so.0 => /lib64/libwrap.so.0 (0x00007f4b2a1b9000)
python -V //查询版本为2.6.5
Python 2.6.6
安装步骤
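# Fetch, build and install DenyHosts 2.6 from source.
# Runs as root; every step writes under /usr/src and /usr/share.
# The original listing used "//" for annotations, which the shell would pass
# to each command as extra arguments; they are "#" comments here.
cd /usr/src || exit 1
# Plain-HTTP download: nothing here proves the archive is the one the project
# published. Print its digest and compare it with the checksum/signature the
# project publishes before extracting. 2.6 is an old release; check whether a
# newer maintained one exists before building it.
wget http://ncu.dl.sourceforge.net/sourceforge/denyhosts/DenyHosts-2.6.tar.gz || exit 1
sha256sum DenyHosts-2.6.tar.gz   # compare against the published value (not on this page)
tar -xzvf DenyHosts-2.6.tar.gz
cd DenyHosts-2.6 || exit 1
python setup.py install          # install DenyHosts (Python 2 setup.py, see "python -V" above)
cd /usr/share/denyhosts/ || exit 1   # install target; config and daemon-control live here
# denyhosts.cfg-dist is the shipped default template, not a backup: copying it
# creates the working config that the daemon reads.
cp denyhosts.cfg-dist denyhosts.cfg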
DenyHosts参数配置
# denyhosts.cfg — settings used on this host (keys not shown keep the
# denyhosts.cfg-dist defaults).
# Auth log that DenyHosts parses for failed sshd logins.
SECURE_LOG = /var/log/secure
# PURGE_DENY: how long a blocked host stays in HOSTS_DENY before it is removed.
# format is: i[dhwmy]
# Where i is an integer (eg. 7)
# m = minutes
# h = hours
# d = days
# w = weeks
# y = years
#
# An empty value means "never purge"; 50m removes a block after 50 minutes,
# so a persistent attacker is only delayed, not kept out.
PURGE_DENY=50m
# File the blocks are written to; sshd honors it only when linked against
# libwrap (the ldd check above). Entries presumably use the BLOCK_SERVICE name.
HOSTS_DENY=/etc/hosts.deny
BLOCK_SERVICE=sshd
# Failed attempts before a source is blocked, by login type.
# INVALID=1 blocks after a single attempt against a non-existent user —
# aggressive: one mistyped username from your own address blocks you as well.
# NOTE(review): DenyHosts reads an allowed-hosts whitelist from WORK_DIR —
# confirm and list your own address there before enabling.
DENY_THRESHOLD_INVALID=1
DENY_THRESHOLD_VALID=10
DENY_THRESHOLD_ROOT=5
# NOTE(review): the install above landed in /usr/share/denyhosts, not
# /usr/local/share; confirm this directory exists, the daemon keeps its
# state here.
WORK_DIR=/usr/local/share/denyhosts/data
DENY_THRESHOLD_RESTRICTED =1
LOCK_FILE=/var/lock/subsys/denyhosts
# NO: do not reverse-resolve blocked IPs (faster, and avoids trusting
# attacker-controlled PTR records like the ones in the log below).
HOSTNAME_LOOKUP=NO
# Daily report is mailed through the local MTA on port 25.
ADMIN_EMAIL = bcsytv@gmail.com
SMTP_HOST = localhost
SMTP_PORT = 25
SMTP_FROM = jalena <bcsytv@gmail.com>
SMTP_SUBJECT = DenyHosts Daily Report
# Daemon mode: its own log file and how often the purge pass runs.
DAEMON_LOG=/var/log/denyhosts
DAEMON_PURGE=10m
DenyHosts启动文件配置
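# Install DenyHosts' daemon-control as a SysV init service and start it.
# Runs as root from /usr/share/denyhosts (the install directory above).
# The original listing used "//" for annotations, which the shell would pass
# to each command as extra arguments; they are "#" comments here.
cp daemon-control-dist daemon-control
chown root daemon-control
chmod 700 daemon-control                 # root-only: the script starts the daemon as root
./daemon-control start                   # start the DenyHosts daemon now
# Register the control script as an init service so it starts on boot.
ln -s /usr/share/denyhosts/daemon-control /etc/init.d/denyhosts
chkconfig --add denyhosts
chkconfig denyhosts on
chkconfig --list denyhosts               # confirm the service is enabled for the expected runlevels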
至此基本就好了,接下来看看你的异常日志:被封禁的 IP 会写入 /etc/hosts.deny,之后再连就会像下面最后一行那样记录为 refused connect。
[root@bcsytv denyhosts]# tail -f /var/log/secure
Jan 9 17:46:14 bcsytv sshd[2567]: Received disconnect from 218.27.190.133: 11: Bye Bye
Jan 9 17:46:15 bcsytv sshd[2568]: Address 218.27.190.133 maps to 133.190.27.218.adsl-pool.jlccptt.net.cn, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
Jan 9 17:46:15 bcsytv sshd[2568]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.27.190.133 user=bin
Jan 9 17:46:17 bcsytv sshd[2568]: Failed password for bin from 218.27.190.133 port 37325 ssh2
Jan 9 17:46:17 bcsytv sshd[2569]: Received disconnect from 218.27.190.133: 11: Bye Bye
Jan 9 17:46:19 bcsytv sshd[2570]: Address 218.27.190.133 maps to 133.190.27.218.adsl-pool.jlccptt.net.cn, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
Jan 9 17:46:19 bcsytv sshd[2570]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.27.190.133 user=bin
Jan 9 17:46:20 bcsytv sshd[2570]: Failed password for bin from 218.27.190.133 port 51186 ssh2
Jan 9 17:46:22 bcsytv sshd[2571]: Received disconnect from 218.27.190.133: 11: Bye Bye
Jan 9 18:02:11 bcsytv sshd[2831]: refused connect from 118.186.216.26 (118.186.216.26)