If you look at the openssh log message provided above, you'll see the IP of the
offending host, and so there is sufficient information - denyhosts blocks by IP
rather than hostname. So, I believe denyhosts should block that host, and this
is a fairly severe bug.
Looking a bit harder into it, I think (as suggested by your mail to the
user-list) that in file /usr/lib/python2.4/site-packages/DenyHosts/regex.py
FAILED_ENTRY_REGEX7 = re.compile(r"""User (?P<user>.*) not allowed because not
listed in AllowUsers""")
should be replaced with
FAILED_ENTRY_REGEX7 = re.compile(r"""User (?P<user>.*) .*from
(::ffff:)?(?P<host>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}) not allowed because not
listed in AllowUsers""")
I'll test this locally, but that seems to be the crux of it - REGEX7 contains no
pattern to match the host.
If you look at the openssh log message provided above, you'll see the IP of the
offending host, and so there is sufficient information - denyhosts blocks by IP
rather than hostname. So, I believe denyhosts should block that host, and this
is a fairly severe bug.
Looking a bit harder into it, I think (as suggested by your mail to the python2. 4/site- packages/ DenyHosts/ regex.py
user-list) that in file /usr/lib/
FAILED_ENTRY_REGEX7 = re.compile(r"""User (?P<user>.*) not allowed because not
listed in AllowUsers""")
should be replaced with
FAILED_ENTRY_REGEX7 = re.compile(r"""User (?P<user>.*) .*from )?(?P<host> \d{1,3} \.\d{1, 3}\.\d{ 1,3}\.\ d{1,3}) not allowed because not
(::ffff:
listed in AllowUsers""")
I'll test this locally, but that seems to be the crux of it - REGEX7 contains no
pattern to match the host.