Q: I've seen a lot of the following in my DenyHosts log. What the heck is this?
ERROR regex pattern ( User (?P<user>.*) not allowed because not listed in AllowUsers ) is missing 'host' group
A: Ah, yes, DenyHosts. This is a Python script that examines your system logs for failed SSH login attempts. It will add the IP addresses of offending systems to your system's hosts.deny file, more or less blacklisting them. While this alone probably won't stop a determined attacker, it will at least stop automated dictionary attacks from cluttering up your system log.
As for the error message, it seems to be complaining that one of the
regular expressions that DenyHosts uses to analyze the system logs is
missing a little something. Fortunately, you can redefine any of these
regexes by appending the appropriate line to your denyhosts.cfg
file. For example, to redefine the regex that's causing this message,
you could add a line like this:
FAILED_ENTRY_REGEX7=User (?P<user>.*?) from (::ffff:)?(?P<host>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}) not allowed because not listed in AllowUsers
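Before putting a redefined regex into denyhosts.cfg, it is worth checking it offline. The following is an added example, not code from DenyHosts or from the original answer: it compares the pattern from the error message with the replacement above. The helper names, the use of re.search, and the sample log lines are assumptions made for illustration.

```python
import re

# Pattern quoted in the error message (defines no 'host' group) and the
# replacement suggested above for denyhosts.cfg.
OLD_PATTERN = r"User (?P<user>.*) not allowed because not listed in AllowUsers"
NEW_PATTERN = (r"User (?P<user>.*?) from "
               r"(::ffff:)?(?P<host>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}) "
               r"not allowed because not listed in AllowUsers")

# Constructed sshd log lines using documentation addresses, not real log data.
SAMPLE_LINES = [
    "sshd[2112]: User root from 192.0.2.10 not allowed because not listed in AllowUsers",
    "sshd[2113]: User admin from ::ffff:198.51.100.7 not allowed because not listed in AllowUsers",
    "sshd[2114]: Accepted publickey for alice from 203.0.113.5 port 50022 ssh2",
]


def missing_groups(pattern, required=("host",)):
    """Return the required named groups that the pattern does not define.

    Hypothetical helper approximating the check behind the
    "is missing 'host' group" message.
    """
    defined = re.compile(pattern).groupindex
    return [g for g in required if g not in defined]


def extract(pattern, lines):
    """Return (user, host) for every line the pattern matches.

    host is None when the pattern has no 'host' group, which means there is
    no address available to write to hosts.deny.
    """
    rx = re.compile(pattern)
    hits = []
    for line in lines:
        m = rx.search(line)
        if m:
            groups = m.groupdict()
            hits.append((groups.get("user"), groups.get("host")))
    return hits


if __name__ == "__main__":
    for name, pat in (("old", OLD_PATTERN), ("new", NEW_PATTERN)):
        print(name, "missing groups:", missing_groups(pat))
        for user, host in extract(pat, SAMPLE_LINES):
            print("   user=%r host=%r" % (user, host))
```

With the old pattern the address ends up inside the user group and no host is captured; the new pattern separates the two and also accepts the ::ffff: prefix on IPv4-mapped addresses.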




