SSH server is by default configured to allow a user or client several tries to authenticate within a period before it's considered a failure. The default configuration allows three authentication attempts within 120 seconds (2 minutes), where if it still fails, the client will be given the Permission denied error and the session closed.
The SSH server will log the failed login, and the user will then be allowed to log in again after the period has passed. Temporarily blocking failed SSH login might slow down malicious login attempts but will not deter brute-force attacks by bots.
Related: How to protect against SSH brute force attacks
Related: How to check failed SSH login attempts
Steps to manage failed login attempts in SSH:
- Launch terminal.
- Open SSHd configuration file using your preferred text editor.
$ sudo vi /etc/ssh/sshd_config [sudo] password for user:
- Search for LoginGraceTime and set the value in seconds.
LoginGraceTime 60
Remove # if exist at the start of the line to uncomment.
Can also use unit such as m for minute. Set the value to 0 to disable the feature.
LoginGraceTime 1m
- Search for MaxAuthTries and set the number of times authentication attempt is allowed.
MaxAuthTries 5
Add the line if it doesn't already exist and remove # at the beginning of the line if it exists.
- Restart ssh service for changes to take effect.
$ sudo systemctl restart sshd
Mohd Shakir Zakaria is a skilled cloud architect with a background in development, entrepreneurship, and open-source advocacy. As the founder of Simplified Guide, he helps others understand the complexities of computing, making tech concepts accessible to all.
Comment anonymously. Login not required.