A new version of OpenSSH has been released and is bound to be quickly integrated into our preferred Linux distributions; good news! But…
sshd(8): Support for tcpwrappers/libwrap has been removed.
This may look rather inoffensive. But this means, that the SSH server will not use the /etc/hosts.allow and /etc/hosts.deny files to decide wether the IP address of a machine that is attempting to connect should be allowed to, or not.
My problem is that DenyHosts is relying on these files to protect the SSH port on my server. I fear this will be the death of the DenyHosts project. For instance, the Debian Linux distribution removed it from its software repositories. Thus I have to find an alternative software.
The two most common suggestions for replacing DenyHosts are Fail2ban and Sshguard. I choose Fail2ban because the latest version of Sshguard is a few years old (2011), and because Fail2ban allows for more personalization.