Add the following to your denyhosts.cfg file-- make sure that is appears on a single line: FAILED_ENTRY_REGEX=error: PAM: authentication error for (?Pinvalid user |illegal user )?(?P.*?) from (::ffff:)?(?P\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})