I've used it before on Gentoo Linux and liked it, so today I'll lay out the steps required to install and configure it on FreeBSD:
- % su
- # cd /usr/ports/security/denyhosts
- # make install clean
- # echo 'denyhosts_enable="YES"' >> /etc/rc.conf
- # echo 'syslogd_flags="-s -c"' >> /etc/rc.conf
- # echo "sshd : /etc/hosts.deniedssh : deny" >> /etc/hosts.allow
- # echo "sshd : ALL : allow" >> /etc/hosts.allow
- # touch /etc/hosts.deniedssh
- Edit /usr/local/etc/denyhosts.conf and uncoment the BLOCK_SERVICE = sshd entry.
- # /usr/local/etc/rc.d/denyhosts onestart
From step 4 to 9, rc.conf is updated so that DenyHosts is started at boot time and can act as a daemon monitoring SSH unauthorized login attempts registering them in hosts.deniedssh.
Finally, step 10 starts DenyHosts imediattely.
If you wish to learn more about DenyHosts have a look at the project's homepage at http://denyhosts.sourceforge.net.