Hi
I would like to stop invalid logon attempts.
I want to fix it on 3 attempts.

waiting for your reply

Tariq

what do you mean by invaild log on attempts.

the only way to stop this is to remember your password...

you need to provide FAR more info here.... look at it from the perspective of someone who doesn't know your situation....

I think he wants to lock the login on 3 unsuccessful attempts. Do you want this remotely, or locally?

Note that you need to think really carefully about how you'd like to implement this. For example an attacker could DoS the system simply by attempting logins and locking out accounts of other users including root. I've seen this solved with a whitelist approach or with a reset of the lockout after a certain period of time, but personally I don't like either one.

Hi
Actually I want to limit the invalid logon attempts upto three times.After unsuccessful attempts system will allow after 5 minutes to try it again.
Actually this is requirment of aduit.

waiting for your help.

Tariq

Why r u allowing for 3 attempt,i thing this is ur 3 post?That's what?

To set the number of Auth tries, edit the sshd_config file and set the MaxAuthTries variable to 3. If your version of linux uses pam, you'll likely need to modify pam_tally settings in system-auth as well (likely lives in /etc/pam.d/). I don't believe sshd can do lockouts by itself, so you'd probably need to use pam.

Here are the pam docs, in particular look at the pam_tally section on this page. You'll likely need to use the 'unlock_time' variable and make sure to include magic_root to keep root from getting locked out. You'll still want to prevent remote root logins over sshd using the PermitRootLogins option in sshd_conf, but you don't want to lock root out locally, hence the magic_root setting. If that doesn't make an sense, read the pam docs

Hi
Where sshd_config file exist.I was unable to find this file.
Kindly any one help me to find out this file.
send the complete path.

it should be in /etc/ssh/

if not try "find / -name sshd_conf*"

Hi
I set the variable MaxAuthTries to 3 but before that there is no variable exist,I typed my self in the file sshd_conf ans then save the changes but there is no effect appeared.Is there necessary to reboot the system ?
One thing I'd like to share with you is that, all vaiable was not active except one or two variable.

Waiting for reply

You'll need to restart the sshd service so that it re-reads the config file. Make sure that the MaxAuthTries line is uncommented (doesn't have a '#' before it). All the other commented variables will be set to the default settings, so you don't need to worry about them right now. Note that the MaxAuthTries setting will only limit the number of authentication attempts *per connection*. So if a user fails 3 auth tries, then the connectino will be closed, but the user can still re-establish a new connection and will get 3 new authentication tries. To truly lock them out you'll need to use pam_tally.

Personally I think there are better tools to prevent bruteforce attacks against the sshd service. Take a look at this thread for some other solutions that I think will likely work better.

Hi
I set the MaxAuthTries to 3.but Will it work when i attempt it locally or remotelly.
I tried it locally but it did not work.so kindly guide me regarding this.

Waiting for reply

Try fail2ban, its very configurable and I have it set to after 3 unsuccessfull ssh login attemps it adds a rule to the firewall to ban the source IP for a week.