SSH (Secure Shell) is a protocol that provides secure remote access to servers over an unsecured network. It encrypts data during transfer, preventing eavesdropping and unauthorized tampering. So improper configuration of SSH settings can systems vulnerable to brute force attacks on the server. It is very important to harden the SSH configuration for the most effective security. In SSH Configuration there is one important setting is LoginGraceTime, which can prevent brute force attacks & specify the time allowed for successful authentication to the SSH server.

This article explains how to set it for maximum SSH protection.

Understanding LoginGraceTime

When you start the SSH connection, the server makes a temporary connection and you will have some set of time to provide valid credentials like
username and password or authentication key to complete the login process. The LoginGraceTime parameter works here in this window.

A long-time of LoginGraceTime offers more time to authenticate, but it can also generate a vulnerability. malicious activity can exploit this extended window to initiate brute-force attacks and retry with different login attempts in hopes of cracking the password.

So Set the LoginGraceTime parameter to a small number minimizes the risk of a successful brute force attack and it will also limit the number of concurrent unauthenticated connections.

Benefits of Set LoginGraceTime

By setting the LoginGraceTime parameter to a small number minimizes the risk of a brute force attempts on the SSH server. This will make it much more complex for attackers to gain access to the server. This will also limit the number of concurrent unauthenticated connections.

Below is a list of the benefits :

Small Attack Window minimizes the time attachers
Shorter timeouts lead to quicker identification of suspicious activity.

How to Set LoginGraceTime for Maximum Protection

Here’s how to set LoginGraceTime on most Linux systems:

Step 1: Edit the SSH Configuration File

Open a terminal window. Use a text editor (like vi /vim or nano ) to edit the SSH configuration file, typically located at /etc/ssh/sshd_config

Step 2: Search the LoginGraceTime Parameter

In the configuration file search for the LoginGraceTime parameter. if it is commented then remove the “#” symbol to enable it by default it is commented out.

Login Grace Time

Step 3: Set the Desired LoginGraceTime Value

Now change the value after “LoginGraceTime” in seconds . A common value is between 30 and 60 seconds .This allows authorized users sufficient time to authenticate .

set login grace time in seconds

Step 4: Save and Restart the SSH Service

After making changes in SSH Configuration file , exit from text editor and Restart the SSH service to apply the new settings using the below command . The restart command may different depending on your Linux distribution .

sudo systemctl restart sshd 

If you want to read more information about how to install Ubuntu 22.04 .Just visit Guide to Installing Ubuntu 22.04

By Sachin G

I am a professional freelance contributor and founder of tech transit. Love to write and lover of education, culture, and community. I have been using it, setting, supporting, and maintaining it since 2009.Linux rocks! Sachin G Follow me on LinkedIn and x formerly twitter