How to manage failed logins in SSH

SSH server can be configured to allow an authenticating client a number of tries for a set period of time before the authentication is considered a failure. By default an SSH user is allowed 3 attempts within 120 seconds (2 minutes) to authenticate whereby the client will then be given the Permission denied error and the session closed.

The failed login will be logged and the user will then be allowed to log in again. This might slow down a malicious login attempts but will not deter brute-force attacks.

How to block SSH login brute force

Steps to manage failed logins in SSH:

Launch terminal.
Open SSHd configuration file using your preferred text editor.
```
$ sudo vi /etc/ssh/sshd_config
[sudo] password for user:
```
Search for LoginGraceTime and set the value in seconds.
```
LoginGraceTime 60
```
Remove # if exist at the start of the line to uncomment.
Can also use unit such as m for minute. Set the value to 0 to disable the feature.
```
LoginGraceTime 1m
```
Search for MaxAuthTries and set the number of times authentication attempt is allowed.
```
MaxAuthTries 5
```
Remove # if exist at the start of the line to uncomment.
Restart ssh service for changes to take effect.
```
$ sudo systemctl restart sshd
```
How to start, restart and stop SSH service

Author: Mohd Shakir Zakaria
Cloud architect by profession but always consider himself as a developer, entrepreneur and an opensource enthusiast.

Discuss the article:

Comment anonymously. Login not required.