Skip to content

Ensure SSH LoginGraceTime is configured

An XCCDF Rule

Description

The LoginGraceTime parameter to the SSH server specifies the time allowed for successful authentication to the SSH server. The longer the Grace period is the more open unauthenticated connections can exist. Like other session controls in this session the Grace Period should be limited to appropriate limits to ensure the service is available for needed access.

Rationale

Setting the LoginGraceTime parameter to a low number will minimize the risk of successful brute force attacks to the SSH server. It will also limit the number of concurrent unauthenticated connections.

ID
xccdf_org.ssgproject.content_rule_sshd_set_login_grace_time
Severity
Medium
References
Updated