DenyHosts in a jail is blocking the host IP and not the external.

Why does this happen?

I find this error message in /var/log/auth
Code:
Feb 11 11:54:10 dock sshd[1315]: warning: /etc/hosts.allow, line 28: can't verify hostname: getaddrinfo(truls.example.no, AF_INET) failed
Feb 11 11:54:11 dock sshd[1316]: reverse mapping checking getaddrinfo for truls.example.no [213.225.83.68] failed - POSSIBLE BREAK-IN ATTEMPT!
Feb 11 11:54:11 dock sshd[1315]: reverse mapping checking getaddrinfo for truls.example.no [213.225.83.68] failed - POSSIBLE BREAK-IN ATTEMPT!

After a few failed attempts to connect to my server I see DenyHosts adding the internal HOST IP to the /etc/hosts.deniedssh file

I've modified the /etc/hosts.allow file like this
Code:
# Start by allowing everything (this prevents the rest of the file
# from working, so remove it when you need protection).
# The rules here work on a "First match wins" basis.
#ALL : ALL : allow

# Wrapping sshd(8) is not normally a good idea, but if you
# need to do it, here's how
#sshd : .evil.cracker.example.com : deny
sshd : /etc/hosts.deniedssh : deny
sshd : ALL : allow
 
Do you have
Code:
ALL : PARANOID : RFC931 20 : deny
in your hosts.allow file?
 
Your log lines appear to indicate that that is the only real reason why you're disallowing the logins. Try restarting sshd (or inetd if you're using that as the go-between) after commenting out that line. Haven't used tcpwrappers in ages, so don't quite remember how 'sticky' these settings are.
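
Added example, not part of either post above: a simplified Python model of first-match evaluation in hosts.allow, showing how a PARANOID rule placed above the sshd rules would deny the client from the log before the sshd lines are ever consulted. The rule order, the empty deny list and the function names are assumptions made for illustration.

```python
# Simplified model of first-match evaluation in a FreeBSD-style hosts.allow.
# Handles only the pattern kinds seen in this thread; not a libwrap replacement.
PARANOID_NAME = "paranoid"  # name libwrap uses when name/address checks fail

def parse_rules(text):
    """Return (lineno, daemon, client_pattern, action) for each active rule."""
    rules = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = [f.strip() for f in line.split(":")]
        # Layout: daemon : client : [options ...] : allow|deny
        rules.append((lineno, fields[0], fields[1], fields[-1]))
    return rules

def client_matches(pattern, addr, name, files):
    if pattern == "ALL":
        return True
    if pattern == "PARANOID":
        return name == PARANOID_NAME
    if pattern.startswith("/"):   # file of patterns, e.g. the DenyHosts list
        return addr in files.get(pattern, set())
    if pattern.startswith("."):   # domain suffix such as .example.com
        return name.endswith(pattern)
    return pattern in (addr, name)

def decide(text, daemon, addr, name, files):
    """Return (action, lineno) of the first matching rule."""
    for lineno, rule_daemon, pattern, action in parse_rules(text):
        if rule_daemon in ("ALL", daemon) and client_matches(pattern, addr, name, files):
            return action, lineno
    return "allow", None          # no rule matched: access is granted

# Constructed rule sets: the thread's two sshd rules, with the PARANOID line
# the reply asks about placed above them (active, then commented out).
SSHD_RULES = "sshd : /etc/hosts.deniedssh : deny\nsshd : ALL : allow\n"
WITH_PARANOID = "ALL : PARANOID : RFC931 20 : deny\n" + SSHD_RULES
WITHOUT_PARANOID = "#ALL : PARANOID : RFC931 20 : deny\n" + SSHD_RULES

if __name__ == "__main__":
    deny_list = {"/etc/hosts.deniedssh": set()}   # constructed: empty list
    client = ("213.225.83.68", PARANOID_NAME)     # address from the log above
    print(decide(WITH_PARANOID, "sshd", *client, deny_list))     # ('deny', 1)
    print(decide(WITHOUT_PARANOID, "sshd", *client, deny_list))  # ('allow', 3)
```

On a live system, `tcpdmatch sshd <client address>` reports which hosts.allow rule the real library would apply to a given client.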
 