How to Configure Maximum Login Attempts in SSHD for Linux Servers (LAMP/YUM Installation)



When securing SSH access on Linux servers (particularly in LAMP environments installed via YUM), controlling failed login attempts is crucial for preventing brute force attacks. The most effective approaches involve either modifying sshd_config or integrating fail2ban.

Edit your sshd configuration file (typically at /etc/ssh/sshd_config) with these parameters:

# Maximum authentication attempts per connection (sshd disconnects the client after this many failures)
MaxAuthTries 3

# Login grace time: seconds a connection may stay open without authenticating successfully
LoginGraceTime 60

# Optionally prevent root login
PermitRootLogin no

After making changes, restart SSHD:

sudo systemctl restart sshd

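MaxAuthTries only limits attempts within a single connection, so a client can reconnect and keep guessing. To block a source address after repeated failures, install and configure fail2ban: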

sudo yum install epel-release
sudo yum install fail2ban

Create a custom jail configuration at /etc/fail2ban/jail.local:

[sshd]
enabled = true
port = ssh
filter = sshd
logpath = /var/log/secure
maxretry = 3
bantime = 3600
findtime = 600
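
To show how maxretry, findtime and bantime interact, the following added example (not part of the original page, and not fail2ban's own code) replays constructed /var/log/secure lines through a simplified model of the [sshd] jail above. The regex, the function name simulate_bans, the host name and the documentation-range IP addresses are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta

# Values from the [sshd] jail above: 3 failures within 600 s => ban for 3600 s.
MAXRETRY, FINDTIME, BANTIME = 3, 600, 3600

# Simplified pattern (assumption): fail2ban's real sshd filter matches many more messages.
FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (\S+) port \d+")

# Constructed sample lines in /var/log/secure format (not real traffic).
SAMPLE = """\
Mar 14 10:00:01 web1 sshd[2101]: Failed password for root from 203.0.113.5 port 40112 ssh2
Mar 14 10:00:04 web1 sshd[2101]: Failed password for root from 203.0.113.5 port 40112 ssh2
Mar 14 10:00:09 web1 sshd[2107]: Failed password for invalid user admin from 203.0.113.5 port 40120 ssh2
Mar 14 10:00:30 web1 sshd[2109]: Accepted publickey for deploy from 198.51.100.7 port 51190 ssh2
Mar 14 10:01:00 web1 sshd[2110]: Failed password for deploy from 198.51.100.7 port 51200 ssh2
Mar 14 10:09:00 web1 sshd[2130]: Failed password for deploy from 198.51.100.7 port 51244 ssh2
Mar 14 10:12:00 web1 sshd[2150]: Failed password for deploy from 198.51.100.7 port 51260 ssh2
""".splitlines()

def simulate_bans(lines, year=2024):
    """Return [(ip, ban_start, ban_end)]; syslog lines carry no year, so one is assumed."""
    recent, banned_until, bans = {}, {}, []
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue  # e.g. "Accepted publickey" lines
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = m.group(2)
        if ip in banned_until and ts < banned_until[ip]:
            continue  # already banned: the firewall would drop this host
        # Keep only failures that are still inside the findtime window.
        window = [t for t in recent.get(ip, []) if (ts - t).total_seconds() <= FINDTIME]
        window.append(ts)
        if len(window) >= MAXRETRY:
            banned_until[ip] = ts + timedelta(seconds=BANTIME)
            bans.append((ip, ts, banned_until[ip]))
            window = []
        recent[ip] = window
    return bans

if __name__ == "__main__":
    for ip, start, end in simulate_bans(SAMPLE):
        print(f"ban {ip} from {start:%H:%M:%S} until {end:%H:%M:%S}")
```

203.0.113.5 is banned even though its failures span two connections (PIDs 2101 and 2107), which MaxAuthTries alone cannot catch; 198.51.100.7 is not, because its first failure is older than findtime by the time the third arrives.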

Check your security logs to confirm the restrictions are working:

sudo tail -f /var/log/secure

Test with incorrect credentials to trigger the limit (use a separate session in case you get locked out).

  • Combine with key-based authentication
  • Change default SSH port (Port 2222 in sshd_config)
  • Implement two-factor authentication
  • Regularly update SSH packages via YUM

When running a LAMP stack with SSH access, brute force attacks are a constant threat. Out of the box, nothing stops a client from reconnecting and guessing again, so login attempts are effectively unlimited and the server is exposed to dictionary attacks. Implementing login attempt limits is crucial for production environments.

The most robust approach is using Fail2Ban, which scans log files and bans IPs that show malicious signs:

# Installation (CentOS/RHEL)
sudo yum install epel-release
sudo yum install fail2ban

# Basic configuration
sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

# Edit the SSH section
sudo nano /etc/fail2ban/jail.local

Add/modify these parameters:

[sshd]
enabled = true
maxretry = 3
findtime = 600
bantime = 3600

For a simpler solution without additional packages, modify sshd_config:

# Edit SSH configuration
sudo nano /etc/ssh/sshd_config

# Add these lines, or edit the existing entries (sshd uses the first value it finds for each keyword)
MaxAuthTries 3
LoginGraceTime 60

Then restart the SSH service:

sudo systemctl restart sshd

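For systems using firewalld, you can implement connection rate limiting. The limit counts new SSH connections from all sources combined, and it only takes effect if the plain ssh service is not also allowed in the same zone: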

# Add rich rule for SSH
sudo firewall-cmd --permanent --add-rich-rule='rule service name="ssh" accept limit value="3/m"'
sudo firewall-cmd --reload

Test your settings by attempting failed logins. Check logs with:

# For Fail2Ban
sudo fail2ban-client status sshd

# For general SSH logs
sudo tail -f /var/log/secure

1. Always maintain alternative access methods when testing login restrictions
2. Combine methods for defense in depth (e.g., Fail2Ban + firewalld)
3. Monitor logs regularly to detect attack patterns
4. Consider implementing key-based authentication instead of passwords

# To enforce key-based auth, edit the SSH configuration
sudo nano /etc/ssh/sshd_config

# Set this line
PasswordAuthentication no