alanorth/ansible-personal
1
0
Fork 0
Code Issues 4 Pull Requests Projects Releases Wiki Activity

roles/common: Limit number of SSH authentication attempts

Browse Source 
The default in later OpenSSH is 6, which seems too high. If you can't
get your password correct after 3 tries then I think you need help.

Eventually I'd like an easy way to enable blocking of repeated login
attempts at the firewall level. I think it's possible in firewalld.
This commit is contained in:
Alan Orth 2018-07-23 13:12:53 +03:00
parent 4f6d02922a
commit 963bf65099
Signed by: alanorth
GPG Key ID: 0FB860CC9C45B1B9
3 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
roles/common/templates/sshd_config_Debian-9.j2
View File

@ -32,7 +32,7 @@ LogLevel VERBOSE
#LoginGraceTime 2m #LoginGraceTime 2m
PermitRootLogin prohibit-password PermitRootLogin prohibit-password
#StrictModes yes #StrictModes yes
#MaxAuthTries 6 MaxAuthTries 3
#MaxSessions 10 #MaxSessions 10
# Password based logins are disabled - only public key based logins are allowed. # Password based logins are disabled - only public key based logins are allowed.
AuthenticationMethods publickey AuthenticationMethods publickey

1
roles/common/templates/sshd_config_Ubuntu-16.04.j2
View File

@ -70,6 +70,7 @@ PrintLastLog yes
TCPKeepAlive yes TCPKeepAlive yes
#UseLogin no #UseLogin no
MaxAuthTries 3
#MaxStartups 10:30:60 #MaxStartups 10:30:60
#Banner /etc/issue.net #Banner /etc/issue.net

2
roles/common/templates/sshd_config_Ubuntu-18.04.j2
View File

@ -31,7 +31,7 @@ LogLevel VERBOSE
#LoginGraceTime 2m #LoginGraceTime 2m
PermitRootLogin prohibit-password PermitRootLogin prohibit-password
#StrictModes yes #StrictModes yes
#MaxAuthTries 6 MaxAuthTries 3
#MaxSessions 10 #MaxSessions 10
#PubkeyAuthentication yes #PubkeyAuthentication yes