Denyhosts tool: Why I was locked out?
Recently I installed denyhosts tool. Following this tutorial (Using DenyHosts) I made sure I set the SECURE_LOG variable correctly. I started the denyhosts daemon and all seemed fine.
Yesterday I was locked out. I had to have tech support delete my IP from the /etc/hosts.deny file and disable the denyhosts tool. I would like to get it working properly.
Looking at my auth.log file, I saw the log snippet below. I would like to understand why it seems that I am being logged with two addresses. First is the IP address which is correct. The second is a mystery to me. I believe its my hostname for service provider. I am logging in from the same location using the same iMac computer.
This particular machine I have provisioned has a different login authentication process. This is in comparison to the different images that my hosting provider offered in the past. With this image, I run the ssh username@ip.address in my local iMac terminal and im logged in (no password required). This of course is from the SSH key i generated and registered on their administration website.
Previous Operating System images required me to type the password for the user as part of the authentication process. The new OS image I am using now logs me in without prompting for a password. This is why I wasnt aware I was not logging in successfully. Hence, being locked out by deny hosts tool.
Can you please help me to understand how to prevent being locked out? Specifically, I would like to understand why it logs both the asdl-...bellsouth.net some times and other times it logs my IP. Do i need a static ip to prevent this?
Thank you, Gregg
Yesterday I was locked out. I had to have tech support delete my IP from the /etc/hosts.deny file and disable the denyhosts tool. I would like to get it working properly.
Looking at my auth.log file, I saw the log snippet below. I would like to understand why it seems that I am being logged with two addresses. First is the IP address which is correct. The second is a mystery to me. I believe its my hostname for service provider. I am logging in from the same location using the same iMac computer.
This particular machine I have provisioned has a different login authentication process. This is in comparison to the different images that my hosting provider offered in the past. With this image, I run the ssh username@ip.address in my local iMac terminal and im logged in (no password required). This of course is from the SSH key i generated and registered on their administration website.
Previous Operating System images required me to type the password for the user as part of the authentication process. The new OS image I am using now logs me in without prompting for a password. This is why I wasnt aware I was not logging in successfully. Hence, being locked out by deny hosts tool.
Can you please help me to understand how to prevent being locked out? Specifically, I would like to understand why it logs both the asdl-...bellsouth.net some times and other times it logs my IP. Do i need a static ip to prevent this?
Thank you, Gregg
Feb 20 22:57:31 colton.local sshd[977]: [ID 947420 auth.warning] refused connect from adsl-78-235-11-237.clt.bellsouth.net
Feb 20 22:57:37 colton.local sshd[982]: [ID 947420 auth.warning] refused connect from adsl-78-235-11-237.clt.bellsouth.net
Feb 20 22:57:41 colton.local sshd[984]: [ID 947420 auth.warning] refused connect from adsl-78-235-11-237.clt.bellsouth.net
Feb 20 22:58:10 colton.local sshd[1017]: [ID 947420 auth.warning] refused connect from adsl-78-235-11-237.clt.bellsouth.netASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER