I am trying to unblock an IP from which I was doing some tests. I have followed the tutorials on the net:
$ sudo /etc/init.d/denyhosts stop
$ sudo vim /etc/deny.
Adding to an old question, but on Debian Wheezy removing the IP entries did not help: within seconds of running "service denyhost start" the IP would be re-added to hosts.deny and all the files in /var/lib/denyhosts/. It turns out that DenyHosts was re-scanning /var/log/auth.log which included the failed login attempts.
After removing the IP entry from the files listed above, before you restart denyhosts, force auth.log to be archived by running (as root):
logrotate -vf /etc/logrotate.d/rsyslog
Double-check that /var/log/auth.log is empty, then restart denyhosts.
Just add the IP that should always have access to the file:
/etc/hosts.allow
That entry could look like:
ALL: 30.20.10.0/24
That way, even if it ends up in /etc/hosts.deny
as well, the IP will still have access.
Mind the ALL
before the IP, I see you forgot that with your echo
statement.
References:
This worked for me on Centos. Follow the 8 steps below and you should be good to go.
Stop DenyHosts
# services denyhosts stop
Remove the IP address from /etc/hosts.deny
Edit /var/lib/denyhosts/hosts
and remove the lines containing the IP address. Save the file.
Edit /var/lib/denyhosts/hosts-restricted
and remove the lines containing the IP address. Save the file.
Edit /var/lib/denyhosts/hosts-root
and remove the lines containing the IP address. Save the file.
Edit /var/lib/denyhosts/hosts-valid
and remove the lines containing the IP address. Save the file.
Edit /var/lib/denyhosts/users-hosts
and remove the lines containing the IP address. Save the file.
(optional) Consider adding the IP address to /var/lib/denyhosts/allowed-hosts
Start DenyHosts
# services denyhosts start
You can do this in 4 commands. It automates the earlier answer from @Abdellatif with a python script, so you should thoroughly glance over the source before pasting these 4 lines into the command prompt (replacing IP_ADDRESS with the ip address):
sudo /etc/init.d/denyhosts stop
git clone https://github.com/rsprabery/unblock.git
sudo python unblock/unblock.py <IP_ADDRESS>
sudo /etc/init.d/denyhosts start
It should work on all Ubuntu systems. And it's fast. And you don't have to edit any files. But, you are running someone else's script as sudo.
Nothing worked but Answer by Oleksandr Shmyheliuk
Used following two commands
iptables -L -n -v | grep 49.33.135.137
if there is output then use following command
iptables -D INPUT -s 49.33.135.137 -j DROP
Ubuntu 18.04
IP_UNBLOCK='1.2.3.4'
systemctl stop denyhosts
sed -i -e "/$IP_UNBLOCK/d" /etc/hosts.deny
sed -i -e "/^$IP_UNBLOCK/d" /var/lib/denyhosts/hosts
sed -i -e "/^$IP_UNBLOCK/d" /var/lib/denyhosts/hosts-restricted
sed -i -e "/^$IP_UNBLOCK/d" /var/lib/denyhosts/hosts-root
sed -i -e "/^$IP_UNBLOCK/d" /var/lib/denyhosts/hosts-valid
sed -i -e "/$IP_UNBLOCK/d" /var/lib/denyhosts/users-hosts
sed -i -e "/^$IP_UNBLOCK/d" /var/lib/denyhosts/hosts-root
sed -i -e "/refused connect from $IP_UNBLOCK/d" /var/log/auth.log
sed -i -e "/from $IP_UNBLOCK port/d" /var/log/auth.log
iptables -D INPUT -s "$IP_UNBLOCK" -j DROP
ufw reload
systemctl start denyhosts
and run this before you install denyhosts
echo "All:" $(last -i | grep -v '0.0.0.0' | grep 'root' | head -1 | awk '{print $3}') >> /etc/hosts.allow