roles/common: Limit number of SSH authentication attempts

The default in later OpenSSH is 6, which seems too high. If you can't get your password correct after 3 tries then I think you need help. Eventually I'd like an easy way to enable blocking of repeated login attempts at the firewall level. I think it's possible in firewalld.
2018-07-23 13:12:53 +03:00 · 2018-07-23 13:12:53 +03:00 · 963bf65099
commit 963bf65099
parent 4f6d02922a
3 changed files with 3 additions and 2 deletions
--- a/roles/common/templates/sshd_config_Debian-9.j2
+++ b/roles/common/templates/sshd_config_Debian-9.j2
@ -32,7 +32,7 @@ LogLevel VERBOSE
 #LoginGraceTime 2m
 PermitRootLogin prohibit-password
 #StrictModes yes
-#MaxAuthTries 6
+MaxAuthTries 3
 #MaxSessions 10
 # Password based logins are disabled - only public key based logins are allowed.
 AuthenticationMethods publickey
--- a/roles/common/templates/sshd_config_Ubuntu-16.04.j2
+++ b/roles/common/templates/sshd_config_Ubuntu-16.04.j2
@ -70,6 +70,7 @@ PrintLastLog yes
 TCPKeepAlive yes
 #UseLogin no

+MaxAuthTries 3
 #MaxStartups 10:30:60
 #Banner /etc/issue.net

--- a/roles/common/templates/sshd_config_Ubuntu-18.04.j2
+++ b/roles/common/templates/sshd_config_Ubuntu-18.04.j2
@ -31,7 +31,7 @@ LogLevel VERBOSE
 #LoginGraceTime 2m
 PermitRootLogin prohibit-password
 #StrictModes yes
-#MaxAuthTries 6
+MaxAuthTries 3
 #MaxSessions 10

 #PubkeyAuthentication yes