Configuring SSH Password Attempts and Account Lockout on RHEL 9

Securing remote access to a system is essential to prevent unauthorized access. In this tutorial, we will configure SSH to limit the number of password attempts and lock the user account after a specified number of failed attempts on Red Hat Enterprise Linux (RHEL) 9.

Step 1: Configuring SSHD Configuration File

1. Open the SSHD configuration file located at ‘/etc/ssh/sshd_config’ using a text editor.

2. Locate the line that starts with ‘#MaxAuthTries’. Uncomment the line by removing the # symbol.

3. Set the value of ‘MaxAuthTries’ to ‘3’. This will limit the number of password attempts to three before locking the account.

4. Save the changes and exit the editor.

Step 2: Configuring PAM (Pluggable Authentication Modules)

1. Open the PAM configuration file for SSH located at ‘/etc/pam.d/sshd’ using a text editor.

2. Add the following line at the top of the file:

auth required pam_tally2.so deny=3 unlock_time=180

This line configures the ‘pam_tally2' module to deny access after three failed attempts and locks the account for 3 minutes (180 seconds).

3. Save the changes and exit the editor.

Step 3: Restarting SSHD Service

1. Open a terminal and run the following command as the root user:

systemctl restart sshd

This command restarts the SSHD service to apply the changes made to the configuration files.

Step 4: Testing the Configuration

1. Open a new terminal or SSH client and attempt to log in to the Linux system using SSH.

2. Enter an incorrect password three times consecutively.

3. After the third failed attempt, the account will be automatically locked for the specified time (3 minutes in this case).

4. Wait for the designated time period to elapse, and the account will be automatically unlocked for login.

Conclusion:

By limiting password authentication attempts and configuring account lockout policies, we have enhanced the security of our SSH server on RHEL 9. These measures help protect the system from brute force attacks and unauthorized access attempts. Remember to carefully manage your SSH user accounts and ensure you have other secure authentication methods, such as SSH keys, in place to further improve security.