# Denyhosts in a jail is blocking the host ip and not the external.



## olav (Feb 11, 2011)

Why does this happen?

I find this error message in /var/log/auth:

```
Feb 11 11:54:10 dock sshd[1315]: warning: /etc/hosts.allow, line 28: can't verify hostname: getaddrinfo(truls.example.no, AF_INET) failed
Feb 11 11:54:11 dock sshd[1316]: reverse mapping checking getaddrinfo for truls.example.no [213.225.83.68] failed - POSSIBLE BREAK-IN ATTEMPT!
Feb 11 11:54:11 dock sshd[1315]: reverse mapping checking getaddrinfo for truls.example.no [213.225.83.68] failed - POSSIBLE BREAK-IN ATTEMPT!
```

After a few failed attempts to connect to my server, I see DenyHosts adding the internal HOST IP to the /etc/hosts.deniedssh file.

I've modified the /etc/hosts.allow file like this:

```
# Start by allowing everything (this prevents the rest of the file
# from working, so remove it when you need protection).
# The rules here work on a "First match wins" basis.
#ALL : ALL : allow

# Wrapping sshd(8) is not normally a good idea, but if you
# need to do it, here's how
#sshd : .evil.cracker.example.com : deny
sshd : /etc/hosts.deniedssh : deny
sshd : ALL : allow
```


----------



## DutchDaemon (Feb 11, 2011)

Do you have

```
ALL : PARANOID : RFC931 20 : deny
```

in your hosts.allow file?


----------



## olav (Feb 11, 2011)

Yes I do! I tried to deactivate it, but I got the same result.


----------



## DutchDaemon (Feb 11, 2011)

Your log lines appear to indicate that that is the only real reason why you're disallowing the logins. Try restarting sshd (or inetd if you're using that as the go-between) after commenting out that line. Haven't used tcpwrappers in ages, so don't quite remember how 'sticky' these settings are.


----------
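Added example, not part of the thread or of any project's code: a small Python triage script that pulls the hosts.allow line number and the hostname/IP pairs out of the log lines quoted in the first post, then repeats the name-to-address comparison that hosts_access(5) describes for `PARANOID`. The function names are hypothetical, and treating a failed forward lookup as a mismatch is an assumption based on the "can't verify hostname" warning.

```python
import re
import socket

# Log lines copied from the excerpt in the first post.
SAMPLE_LOG = """\
Feb 11 11:54:10 dock sshd[1315]: warning: /etc/hosts.allow, line 28: can't verify hostname: getaddrinfo(truls.example.no, AF_INET) failed
Feb 11 11:54:11 dock sshd[1316]: reverse mapping checking getaddrinfo for truls.example.no [213.225.83.68] failed - POSSIBLE BREAK-IN ATTEMPT!
Feb 11 11:54:11 dock sshd[1315]: reverse mapping checking getaddrinfo for truls.example.no [213.225.83.68] failed - POSSIBLE BREAK-IN ATTEMPT!
"""

WRAP_RE = re.compile(r"warning: (\S+), line (\d+): can't verify hostname: "
                     r"getaddrinfo\(([^,]+), AF_INET6?\) failed")
SSHD_RE = re.compile(r"reverse mapping checking getaddrinfo for (\S+) "
                     r"\[([0-9A-Fa-f.:]+)\] failed")

def parse_failures(log_text):
    """Return (wrapper_hits, sshd_hits) as de-duplicated sets.

    wrapper_hits: (rules_file, line_no, hostname) from TCP wrappers warnings
    sshd_hits:    (hostname, ip) from sshd's own reverse-mapping check
    """
    wrapper_hits, sshd_hits = set(), set()
    for line in log_text.splitlines():
        m = WRAP_RE.search(line)
        if m:
            wrapper_hits.add((m.group(1), int(m.group(2)), m.group(3)))
        m = SSHD_RE.search(line)
        if m:
            sshd_hits.add((m.group(1), m.group(2)))
    return wrapper_hits, sshd_hits

def system_forward(name):
    """Forward lookup with the system resolver; empty set on failure."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None)}
    except socket.gaierror:
        return set()

def name_mismatch(hostname, ip, forward=system_forward):
    """True when the reverse-DNS name does not map back to the client IP
    (assumption: a failed forward lookup counts as a mismatch)."""
    return ip not in forward(hostname)

if __name__ == "__main__":
    wrapped, sshd = parse_failures(SAMPLE_LOG)
    for rules_file, line_no, host in sorted(wrapped):
        print(f"{rules_file} line {line_no}: could not verify {host}")
    for host, ip in sorted(sshd):
        print(f"{host} [{ip}]: mismatch={name_mismatch(host, ip)}")
```

Run against the real auth log from inside the jail, since the jail's resolver configuration is what sshd and TCP wrappers actually use there.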

