SSH (Secure Shell) is a protocol that provides secure remote access to servers over an unsecured network. It encrypts data during transfer, preventing eavesdropping and unauthorized tampering. So improper configuration of SSH settings can systems vulnerable to brute force attacks on the server. It is very important to harden the SSH configuration for the most effective security. In SSH Configuration there is one important setting is LoginGraceTime, which can prevent brute force attacks & specify the time allowed for successful authentication to the SSH server.
This article explains how to set it for maximum SSH protection.
Understanding LoginGraceTime
When you start the SSH connection, the server makes a temporary connection and you will have some set of time to provide valid credentials like
username and password or authentication key to complete the login process. The LoginGraceTime parameter works here in this window.
A long-time of LoginGraceTime offers more time to authenticate, but it can also generate a vulnerability. malicious activity can exploit this extended window to initiate brute-force attacks and retry with different login attempts in hopes of cracking the password.
So Set the LoginGraceTime parameter to a small number minimizes the risk of a successful brute force attack and it will also limit the number of concurrent unauthenticated connections.
Benefits of Set LoginGraceTime
By setting the LoginGraceTime parameter to a small number minimizes the risk of a brute force attempts on the SSH server. This will make it much more complex for attackers to gain access to the server. This will also limit the number of concurrent unauthenticated connections.
Below is a list of the benefits :
Small Attack Window minimizes the time attachers
Shorter timeouts lead to quicker identification of suspicious activity.
How to Set LoginGraceTime for Maximum Protection
Here’s how to set LoginGraceTime on most Linux systems:
Step 1: Edit the SSH Configuration File
Open a terminal window. Use a text editor (like vi /vim or nano ) to edit the SSH configuration file, typically located at /etc/ssh/sshd_config
Step 2: Search the LoginGraceTime Parameter
In the configuration file search for the LoginGraceTime parameter. if it is commented then remove the “#” symbol to enable it by default it is commented out.
Step 3: Set the Desired LoginGraceTime Value
Now change the value after “LoginGraceTime” in seconds . A common value is between 30 and 60 seconds .This allows authorized users sufficient time to authenticate .
Step 4: Save and Restart the SSH Service
After making changes in SSH Configuration file , exit from text editor and Restart the SSH service to apply the new settings using the below command . The restart command may different depending on your Linux distribution .
sudo systemctl restart sshd
If you want to read more information about how to install Ubuntu 22.04 .Just visit Guide to Installing Ubuntu 22.04