Enhancing Security: Implementing Account Lockout after Failed SSH Login Attempts on RHEL9

Ratnesh kumar Ratan
2 min read · Jul 18, 2023

Introduction:

In today’s digital landscape, safeguarding sensitive information and securing access to systems is paramount. One of the most widely used methods for remote server administration is SSH (Secure Shell). To strengthen the security of your Linux system, implementing measures such as account lockout after a certain number of failed login attempts is crucial. In this blog post, we will explore how to configure your RHEL9 system to limit password guesses and automatically lock an account after three unsuccessful SSH login attempts.

Step 1: Configuring the SSHD Configuration File

1. Open the SSHD configuration file located at `/etc/ssh/sshd_config` using a text editor.

2. Locate the line that starts with `#MaxAuthTries`. Uncomment the line by removing the `#` symbol.

3. Set the value of `MaxAuthTries` to `3`. This limits the number of password attempts sshd allows per connection to three; the account lockout itself is applied by the PAM rule added in Step 2.

4. Save the changes and exit the editor.

Step 2: Configuring PAM (Pluggable Authentication Modules)

1. Open the PAM configuration file for SSH located at `/etc/pam.d/sshd` using a text editor.

2. Add the following line at the top of the file:

auth required pam_tally2.so deny=3 unlock_time=1800

This line configures the `pam_tally2` module to deny access after three failed attempts and lock the account for 30 minutes (1800 seconds).

3. Save the changes and exit the editor.

Step 3: Restarting SSHD Service

1. Open a terminal and run the following command as the root user:

systemctl restart sshd

This command restarts the SSHD service to apply the changes made to the configuration files.
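Before the restart it is worth checking the two files just edited, because `sshd -t` only validates the syntax of `sshd_config`, and an `auth required` line in the PAM file that names a module which is not installed makes every login through that service fail. The script below is an added example, not code from the original post or from RHEL: it reads the first active `MaxAuthTries` value, looks for a lockout rule carrying `deny=`, and confirms that every `.so` named in the PAM service file exists in the module directory. It accepts `pam_faillock` as well as `pam_tally2`, because the PAM release shipped with RHEL 9 no longer includes `pam_tally2` and provides `pam_faillock`, which takes the same `deny=` and `unlock_time=` options. The file paths, the module directory (`/usr/lib64/security` is assumed for RHEL 9) and all sample file contents are constructed for the example; on a real host you would pass `/etc/ssh/sshd_config`, `/etc/pam.d/sshd` and the module directory instead.

```shell
#!/bin/sh
# Added example (not from the original post): audit the settings from Steps 1
# and 2 before restarting sshd. Paths are parameters so the checks run against
# the constructed sample files created below; the PAM module directory is
# assumed to be /usr/lib64/security on RHEL 9.

# Succeeds when the first active MaxAuthTries line is at most LIMIT (default 3).
# sshd honours the first uncommented occurrence of a keyword, so that is what
# is read; a "#MaxAuthTries 6" comment line is ignored.
check_max_auth_tries() {
    cfg="$1"; limit="${2:-3}"
    val=$(awk 'tolower($1) == "maxauthtries" { print $2; exit }' "$cfg")
    [ -n "$val" ] && [ "$val" -le "$limit" ]
}

# Succeeds when an auth line loads a lockout module with a deny= count.
# Accepts pam_tally2 (the post's line) and pam_faillock (its replacement in
# the PAM release shipped with RHEL 9).
check_lockout_rule() {
    grep -Eq '^auth[[:space:]].*pam_(tally2|faillock)\.so[[:space:]].*deny=[0-9]+' "$1"
}

# Succeeds when every module file named in the PAM service file exists in
# MODDIR. A "required" line naming a module that is not installed fails every
# authentication through that service, so run this before Step 3 restarts sshd.
# "include"/"substack" lines name another service file, not a module, and are
# skipped because they carry no field ending in ".so".
check_modules_installed() {
    cfg="$1"; moddir="$2"; rc=0
    for mod in $(awk '$1 ~ /^-?(auth|account|password|session)$/ {
                          for (i = 3; i <= NF; i++) if ($i ~ /\.so$/) { print $i; break }
                      }' "$cfg" | sort -u); do
        if [ ! -e "$moddir/$mod" ]; then
            echo "missing PAM module: $mod" >&2
            rc=1
        fi
    done
    return "$rc"
}

# Runs all three checks; non-zero if any of them fails.
audit_lockout_config() {
    check_max_auth_tries "$1" 3 && check_lockout_rule "$2" && check_modules_installed "$2" "$3"
}

# --- constructed sample files (stand-ins for the real configuration) ---------
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT
cat > "$SAMPLE_DIR/sshd_config" <<'EOF'
#MaxAuthTries 6
MaxAuthTries 3
PermitRootLogin no
EOF
cat > "$SAMPLE_DIR/sshd_config_unset" <<'EOF'
#MaxAuthTries 6
EOF
cat > "$SAMPLE_DIR/pam_sshd" <<'EOF'
auth       required     pam_faillock.so preauth silent deny=3 unlock_time=1800
auth       substack     password-auth
account    required     pam_faillock.so
EOF
cat > "$SAMPLE_DIR/pam_sshd_tally2" <<'EOF'
auth required pam_tally2.so deny=3 unlock_time=1800
auth substack password-auth
EOF
# Stand-in module directory in which only pam_faillock.so is "installed".
mkdir -p "$SAMPLE_DIR/modules" && : > "$SAMPLE_DIR/modules/pam_faillock.so"

audit_lockout_config "$SAMPLE_DIR/sshd_config" "$SAMPLE_DIR/pam_sshd" "$SAMPLE_DIR/modules" \
    && echo "audit OK" || echo "audit FAILED"
```

Run against the real files as root; a non-zero exit from `check_modules_installed` is the case to resolve before restarting sshd, since a missing module on a `required` line would lock out every user, not just the one being tested.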

Step 4: Testing the Configuration

1. Open a new terminal or SSH client and attempt to log in to the Linux system using SSH.

2. Enter an incorrect password three times consecutively.

3. After the third failed attempt, the account will be automatically locked for the specified time (30 minutes in this case).

4. Wait for the designated time period to elapse, and the account will be automatically unlocked for login.
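The test in Step 4 leaves a trail in the SSH log, and the same lines are what you watch in production to see which accounts are being hammered. The script below is an added example, not code from the original post: it reads sshd log lines on stdin (the "Failed password for ..." lines RHEL writes to `/var/log/secure`), counts failures per account, and lists the accounts that have reached the `deny=3` threshold from Step 2. The log lines, host name and addresses are constructed. It is a reporting aid only; the authoritative counter is the one the PAM module keeps.

```shell
#!/bin/sh
# Added example (not from the original post): summarise failed SSH password
# attempts per account from sshd log lines and report accounts at the deny
# threshold. Input is read from stdin; the sample below is constructed.

# Print "account count" for every account with failed password attempts,
# most failures first. Handles both "Failed password for NAME from ..." and
# "Failed password for invalid user NAME from ...".
failed_attempts_per_user() {
    awk '
        /sshd\[[0-9]+\]: Failed password for / {
            for (i = 1; i <= NF; i++) {
                if ($i == "for") {
                    user = ($(i + 1) == "invalid") ? $(i + 3) : $(i + 1)
                    break
                }
            }
            count[user]++
        }
        END { for (u in count) print u, count[u] }
    ' | sort -k2,2nr -k1,1
}

# Print the accounts whose failure count is at or above THRESHOLD (default 3),
# i.e. the accounts a deny=3 rule would have locked.
accounts_at_threshold() {
    threshold="${1:-3}"
    failed_attempts_per_user | awk -v t="$threshold" '$2 >= t { print $1 }'
}

# Constructed sample lines in /var/log/secure format (not real events).
SAMPLE_LOG='Jul 18 09:00:01 rhel9 sshd[4101]: Failed password for root from 192.0.2.10 port 50122 ssh2
Jul 18 09:00:04 rhel9 sshd[4101]: Failed password for root from 192.0.2.10 port 50122 ssh2
Jul 18 09:00:07 rhel9 sshd[4101]: Failed password for root from 192.0.2.10 port 50122 ssh2
Jul 18 09:01:15 rhel9 sshd[4120]: Failed password for invalid user admin from 192.0.2.11 port 50200 ssh2
Jul 18 09:01:19 rhel9 sshd[4120]: Failed password for invalid user admin from 192.0.2.11 port 50200 ssh2
Jul 18 09:02:30 rhel9 sshd[4133]: Accepted password for alice from 198.51.100.7 port 50310 ssh2
Jul 18 09:03:02 rhel9 sshd[4140]: Failed password for alice from 198.51.100.7 port 50311 ssh2'

echo "failed attempts per account:"
printf '%s\n' "$SAMPLE_LOG" | failed_attempts_per_user
echo "accounts at deny threshold (3):"
printf '%s\n' "$SAMPLE_LOG" | accounts_at_threshold 3
```

On a live system the same functions take the real log, for example `grep sshd /var/log/secure | accounts_at_threshold 3`; accounts for which the log shows no such failures but which still cannot log in point at a stale counter rather than a current attack.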

Conclusion:

By implementing account lockout after a certain number of failed SSH login attempts, you can significantly enhance the security of your RHEL9 Linux system. The steps outlined in this blog provide a practical approach to enforce password limits and deter unauthorized access. Remember to strike a balance between security and user convenience when choosing the lockout duration. Regularly monitor system logs and security events to stay vigilant and ensure the ongoing safety of your Linux environment.

Stay proactive and safeguard your digital assets by implementing robust security measures that protect against potential threats. With the proper configuration in place, you can reinforce the integrity of your system and mitigate the risk of unauthorized access.
