Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here. |
12-07-2012, 04:26 AM
|
#1
|
|
Member
Registered: Nov 2012
Location: Bangalore
Distribution: RHEL and Centos
Posts: 79
Rep: 
|
How to lock the users after ssh failed login attempts?
Hi LQ Dears,
I am using a RHEL 5.4 Linux box.
Still I am facing a lot of failed login attempts from SSH.
Is there any way to lock or restrict the user after failed
login attempts?
Please guide me guyz!
Regards
Bala.LinuxTech
|
|
|
|
12-07-2012, 04:35 AM
|
#2
|
|
Member
Registered: Jan 2009
Location: New England
Distribution: Arch Linux
Posts: 690
Rep: 
|
I would suggest you edit the server's /etc/ssh/sshd_config
Code:
# Authentication:
#LoginGraceTime 2m
#PermitRootLogin yes
#StrictModes yes
MaxAuthTries 6
MaxSessions 10
|
|
|
|
12-07-2012, 04:39 AM
|
#3
|
|
Member
Registered: Nov 2012
Location: Bangalore
Distribution: RHEL and Centos
Posts: 79
Original Poster
Rep: 
|
Quote:
Originally Posted by jv2112
I would suggest you edit the server's /etc/ssh/sshd_config
Code:
# Authentication:
#LoginGraceTime 2m
#PermitRootLogin yes
#StrictModes yes
MaxAuthTries 6
MaxSessions 10
|
Dear jv2112
Thanks. Could you please explain what these mean: LoginGraceTime 2m, #StrictModes yes, MaxAuthTries 6, MaxSessions 10?
Thanks in advance
Regards
Bala.Linuxtech
|
|
|
|
12-07-2012, 04:51 AM
|
#4
|
|
Moderator
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733
|
You could look at fail2ban to automate analyzing logs to update iptables rules or hosts.deny to reject connections. You could instead run a usermod command to suspend an account. You could monitor other types of logs such as Apache as well.
http://www.linux-magazine.com/Online...-with-fail2ban
For SSH, you should be using keys instead of user name/password authentication. Then any challenge/response attempt will be rejected.
Use AllowUsers to limit who can log in. Many attempts against SSH will be system users. Others will be against root. Suspending the root account will lock you out of your own server. Better to not allow root logins.
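An added example, not part of the original post: a small audit of the three points above (keys only, no root logins, an AllowUsers list) that reads a config the way sshd does, where commented-out lines leave the default in force and the first value given for a keyword wins. The defaults table and the sample config are assumptions made for this illustration.

```python
# Defaults assumed for the old OpenSSH on the RHEL 5 box in this thread;
# confirm them with `man sshd_config` on the system being audited.
ASSUMED_DEFAULTS = {
    "passwordauthentication": "yes",
    "permitrootlogin": "yes",
}

# Constructed sample: the snippet from post #2 plus a repeated keyword.
SAMPLE_CONFIG = """\
# Authentication:
#LoginGraceTime 2m
#PermitRootLogin yes
#StrictModes yes
MaxAuthTries 6
MaxSessions 10
passwordauthentication no
PasswordAuthentication yes
"""


def effective_settings(text):
    """Global settings as sshd reads them: keywords are case-insensitive,
    '#' lines are ignored, and the first value given for a keyword wins."""
    settings = {}
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if len(parts) < 2 or parts[0].startswith("#"):
            continue                   # blank, comment, or keyword without value
        keyword = parts[0].lower()
        if keyword == "match":
            break                      # conditional blocks are not audited here
        settings.setdefault(keyword, parts[1].strip())
    return {**ASSUMED_DEFAULTS, **settings}


def findings(text):
    """Check the three points from the post: keys only, no root, AllowUsers."""
    s = effective_settings(text)
    out = []
    if s["passwordauthentication"].lower() != "no":
        out.append("PasswordAuthentication is not 'no': passwords can be guessed")
    if s["permitrootlogin"].lower() != "no":
        out.append("PermitRootLogin is not 'no': root can be targeted directly")
    if "allowusers" not in s:
        out.append("AllowUsers is unset: no restriction on which accounts may log in")
    return out


if __name__ == "__main__":
    print("\n".join(findings(SAMPLE_CONFIG)) or "no findings")
```

On the sample, the commented-out `#PermitRootLogin yes` still yields a finding because the assumed default applies, while the later `PasswordAuthentication yes` is ignored in favour of the earlier `no`.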
|
|
|
|
12-07-2012, 05:05 AM
|
#5
|
|
Member
Registered: Nov 2012
Location: Bangalore
Distribution: RHEL and Centos
Posts: 79
Original Poster
Rep: 
|
Quote:
Originally Posted by jschiwal
You could look at fail2ban to automate analyzing logs to update iptables rules or hosts.deny to reject connections. You could instead run a usermod command to suspend an account. You could monitor other types of logs such as Apache as well.
http://www.linux-magazine.com/Online...-with-fail2ban
For SSH, you should be using keys instead of user name/password authentication. Then any challenge/response attempt will be rejected.
Use AllowUsers to limit who can log in. Many attempts against SSH will be system users. Others will be against root. Suspending the root account will lock you out of your own server. Better to not allow root logins.
|
Dear jschiwal
Thanks. Fail2ban is very interesting, but I don't have access to install third-party tools/software on the servers. Could you guide me to another way to do the same?
Thanks in advance
Regards
Bala.Linuxtech
|
|
|
|
12-07-2012, 05:52 AM
|
#6
|
|
Moderator
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733
|
There is an official fail2ban RHEL package, so you won't be installing a 3rd party tool. Use the package from your RH repository. The regular expressions used will match your log files. And you won't need to mess with SELinux restrictions. The package should handle that for you during installation. Be sure to research fail2ban on the Red Hat site. Using it to protect SSH is the most common usage, so I'm sure it will be well covered.
There is a PAM module (pam_tally) that can suspend accounts after a number of failed login attempts.
http://www.cyberciti.biz/tips/rhel-c...led-login.html
The sshd_config MaxAuthTries option will log failed attempts on the same connection that exceed half that number and break the connection when it reaches the max.
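An added example, not part of the thread and not fail2ban's own code: the kind of log analysis described in posts #4 and #6, counting failed SSH password attempts per source address inside a time window and emitting hosts.deny entries. The log lines are constructed with documentation addresses, and the `year` parameter is an assumption needed because syslog timestamps carry no year.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Anchored at both ends: the address is taken from the fixed tail of the
# line, never from inside the client-supplied user name.
FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for .* from (\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2$")

# Constructed sample in the style of /var/log/secure.
SAMPLE_LOG = """\
Dec  7 04:00:00 host sshd[2001]: Failed password for root from 198.51.100.7 port 50001 ssh2
Dec  7 04:15:00 host sshd[2002]: Failed password for root from 198.51.100.7 port 50002 ssh2
Dec  7 04:20:01 host sshd[2101]: Failed password for invalid user admin from 203.0.113.9 port 40112 ssh2
Dec  7 04:20:03 host sshd[2101]: Failed password for invalid user test from 203.0.113.9 port 40112 ssh2
Dec  7 04:20:05 host sshd[2150]: Accepted publickey for alice from 192.0.2.10 port 51000 ssh2
Dec  7 04:20:07 host sshd[2102]: Failed password for root from 203.0.113.9 port 40113 ssh2
Dec  7 04:30:00 host sshd[2003]: Failed password for root from 198.51.100.7 port 50003 ssh2
""".splitlines()


def hosts_to_deny(lines, maxretry=3, findtime=timedelta(minutes=10), year=2012):
    """Return hosts.deny entries for addresses with >= maxretry failures
    inside one findtime window."""
    recent = defaultdict(deque)   # address -> failure times still in the window
    banned = []
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue              # successful logins and other messages are ignored
        when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        window = recent[m.group(2)]
        window.append(when)
        while when - window[0] > findtime:
            window.popleft()      # forget failures older than the window
        if len(window) >= maxretry and m.group(2) not in banned:
            banned.append(m.group(2))
    return [f"sshd: {ip}" for ip in banned]


if __name__ == "__main__":
    print("\n".join(hosts_to_deny(SAMPLE_LOG)))
```

The address with three failures spread over half an hour is not listed, because no 10-minute window ever holds three of them; only the burst from 203.0.113.9 crosses the threshold.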
|
|
|
|
12-07-2012, 06:40 AM
|
#7
|
|
Moderator
Registered: May 2001
Posts: 24,964
|
Quote:
Originally Posted by bala.linuxtech
please explain what does it mean, LoginGraceTime 2m , #StrictModes yes , MaxAuthTries 6 ,MaxSessions 10
|
A lot of information is at your fingertips with the whois, whatis, which, apropos, info and man commands. In this case you know it's related to ssh, so if you run 'apropos ssh' you'll get a list of manual pages. Select one, scroll to the bottom and notice the "See also" section. Eventually you'll find 'man sshd_config' explaining these configuration settings. If, after reading, you have more specific questions then ask.
|
|
|
|
12-07-2012, 08:31 AM
|
#8
|
|
Senior Member
Registered: Jan 2011
Distribution: Slack14_64_Multilib
Posts: 1,491
Rep: 
|
Quote:
Is there any way to lock or restrict the user after failed
login attempts?
Please guide me guyz!
|
for daemon settings.
Personally, I'd use ssh keys only.
|
|
|
|