Ensure SSH LoginGraceTime is configured
An XCCDF Rule
Description
The LoginGraceTime
parameter to the SSH server specifies the time allowed for successful authentication to
the SSH server. The longer the Grace period is the more open unauthenticated connections
can exist. Like other session controls in this session the Grace Period should be limited to
appropriate limits to ensure the service is available for needed access.
Rationale
Setting the LoginGraceTime
parameter to a low number will minimize the risk of successful
brute force attacks to the SSH server. It will also limit the number of concurrent
unauthenticated connections.
- ID
- xccdf_org.ssgproject.content_rule_sshd_set_login_grace_time
- Severity
- Medium
- References
- Updated