Got yourself banned by DenyHosts? Why not give DenyHosts-unban a whirl

28 December 2012

Often people will get themselves banned from a server because they used the wrong SSH key or they simply forgot their passphrase or even password. This simple little piece of tech will help your Sys Admins/DevOps deal with these minor annoyances with greater ease.

One of the tasks I've had to deal with semi-frequently is unbanning people from a server because they've misstyped their password or something similar and DenyHosts has banned them.

If you're unfamilar with DenyHosts, it's a daemon that will sit on your server and monitor SSH activity, it is configurable to block IP addresses using tcpwrappers based on a set of rules - http://denyhosts.sourceforge.net/

DenyHosts-unban

DenyHosts keeps it's own internal database of IP addresses that it has banned, so simply removing the offending address(es) from /etc/hosts.deny will not do the trick, I have created a simple Python script to handle the work for you called DenyHosts-unban.

The project has been going for quite a while now and oddly actually has quite a few people that use it, requests have even been made for it to be packaged with the Debian/Ubuntu DenyHosts package.

You can find the code, tarball and zipballs here on GitHub.

Usage

Usage is relatively simple, you can either unban a single IP using:


sudo denyhosts-unban.py 10.0.0.1


multiples using:


sudo denyhosts-unban.py 10.0.0.1 10.0.0.2


or, you can use a bashism to unban an entire range or set of ranges:


sudo denyhosts-unban 10.0.0.{0..255}

sudo denyhosts-unban.py 10.0.{0..1}.{0..255}

Note: This is a repost of something I wrote for my blog over @ https://syslog.tv

Share

Add a comment