Managing failed login attempts in SSH is crucial for system security. By default, an SSH server permits three authentication attempts within a 120-second window. If these attempts fail, the session is terminated, and the server logs the event.
While the default settings provide a balance between accessibility and security, they might not be enough to prevent automated brute-force attacks. Adjusting parameters like LoginGraceTime and MaxAuthTries can enhance protection by reducing the chances of unauthorized access.
Properly configuring these settings ensures that legitimate users can still authenticate while minimizing the risk of intrusion. These adjustments are essential for maintaining the security of your SSH server.
Steps to manage failed login attempts in SSH:
- Launch terminal.
- Open the SSH configuration file on your system.
$ sudo vi /etc/ssh/sshd_config [sudo] password for user:
- Locate the LoginGraceTime parameter and set the desired time limit for login attempts.
LoginGraceTime 60
Remove # if exist at the start of the line to uncomment.
Can also use unit such as m for minute. Set the value to 0 to disable the feature.
LoginGraceTime 1m
- Find the MaxAuthTries parameter and set the maximum number of allowed attempts.
MaxAuthTries 5
Add the line if it doesn't already exist and remove # at the beginning of the line if it exists.
- Save the changes to the configuration file.
- Restart the SSH service to apply the new settings.
$ sudo systemctl restart ssh
Mohd Shakir Zakaria is a cloud architect with deep roots in software development and open-source advocacy. Certified in AWS, Red Hat, VMware, ITIL, and Linux, he specializes in designing and managing robust cloud and on-premises infrastructures.
Comment anonymously. Login not required.