I use an iptables rule that limits SSH connections to no more than 10 per minute. After 10 connections (or attempts), new incoming connections from that IP are dropped, which is usually enough to make the would-be crackers go away.
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 10 --rttl --name SSH -j DROP
# --update only matches addresses already in the list, so a companion --set rule is needed to record each new connection
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --set --name SSH
Another dynamic connection blocker based on failed login attempts is DenyHosts. It functions similarly to fail2ban, but specifically targets ssh login attempts. The last time I set it up, I found it very easy to configure.
There is no excuse for having a server that will accept many failed login attempts from the same IP, or within a defined time period! That is just sloppy management. (Or, it could be argued, sloppy Linux server code. :-)
I have some python scripts on my dedicated LAMP servers that do this, and more. I also have some IPTABLES entries that act much faster for specific ports.
Once per minute (cron job), several python scripts each scan several log files for malicious activity (such as the phrase "failed password" or "unknown user"). The IP address that generated the errors is temporarily blocked (usually for 2 weeks). This not only works for failed SSH logins, but for many other malicious attacks, such as failed e-mail logins or attempts to get the server to send spam.
It's too complicated to post the entire solution here, but the above should get someone's brain cells working in the right direction.
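The log-scanning approach described in the answer above, and the sliding-window counting that the earlier iptables `-m recent --seconds 60 --hitcount 10` rule performs in the kernel, can be shown together in one short script. The code below is an added example written for this page, not the poster's own scripts: it parses constructed sshd log lines (the addresses and timestamps are made up), keeps a per-address sliding window of failed logins, marks an address as blocked for a configurable number of days once the window holds `threshold` failures, and renders the DROP rules a cron job would apply. The log format, the phrases matched and the default parameters are assumptions chosen to mirror the answers above.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample auth.log lines for this example (not taken from any real server).
# 203.0.113.7 fails five times in five seconds; 198.51.100.20 fails once;
# 192.0.2.9 fails five times but two minutes apart, so never five within one window.
SAMPLE_LOG = """\
Mar  3 10:00:01 host sshd[1201]: Failed password for root from 203.0.113.7 port 51000 ssh2
Mar  3 10:00:02 host sshd[1202]: Failed password for invalid user admin from 203.0.113.7 port 51001 ssh2
Mar  3 10:00:03 host sshd[1203]: Failed password for root from 203.0.113.7 port 51002 ssh2
Mar  3 10:00:04 host sshd[1204]: Failed password for root from 203.0.113.7 port 51003 ssh2
Mar  3 10:00:05 host sshd[1205]: Failed password for root from 203.0.113.7 port 51004 ssh2
Mar  3 10:00:06 host sshd[1206]: Accepted publickey for alice from 198.51.100.20 port 40000 ssh2
Mar  3 10:00:07 host sshd[1207]: Failed password for bob from 198.51.100.20 port 40001 ssh2
Mar  3 10:30:00 host sshd[1300]: Failed password for root from 192.0.2.9 port 60000 ssh2
Mar  3 10:32:00 host sshd[1301]: Invalid user test from 192.0.2.9 port 60001
Mar  3 10:34:00 host sshd[1302]: Failed password for root from 192.0.2.9 port 60002 ssh2
Mar  3 10:36:00 host sshd[1303]: Failed password for root from 192.0.2.9 port 60003 ssh2
Mar  3 10:38:00 host sshd[1304]: Invalid user oracle from 192.0.2.9 port 60004
"""

# Syslog timestamp, then the phrases that mark a failed login, then the source address.
FAILURE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) .*sshd\[\d+\]: "
    r"(?:Failed password|Invalid user|Unknown user).* from (?P<ip>\d+\.\d+\.\d+\.\d+)",
    re.IGNORECASE,
)


def extract_failure(line):
    """Return (timestamp, ip) for a failed-login line, or None for anything else."""
    m = FAILURE_RE.search(line)
    if not m:
        return None
    # Syslog lines carry no year, so strptime defaults to 1900; only deltas matter here.
    ts = datetime.strptime(m.group("ts"), "%b %d %H:%M:%S")
    return ts, m.group("ip")


def scan_log(text, threshold=10, window_seconds=60, ban_days=14):
    """Sliding-window counter per source address.

    Semantics follow iptables '-m recent --seconds N --hitcount M': an address is
    blocked when at least `threshold` failures fall inside any `window_seconds`
    span. Returns {ip: block_expiry_datetime}.
    """
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)
    blocked = {}
    for line in text.splitlines():
        hit = extract_failure(line)
        if hit is None:
            continue
        ts, ip = hit
        if ip in blocked:
            continue  # already scheduled for blocking; no need to keep counting
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()  # drop hits that have aged out of the window
        if len(q) >= threshold:
            blocked[ip] = ts + timedelta(days=ban_days)
    return blocked


def iptables_commands(blocked):
    """Render one DROP rule per blocked address (sorted for stable output)."""
    return [f"iptables -I INPUT -s {ip} -j DROP" for ip in sorted(blocked)]


if __name__ == "__main__":
    bans = scan_log(SAMPLE_LOG, threshold=5)
    for ip, until in bans.items():
        print(f"{ip} blocked until {until:%b %d %H:%M:%S}")
    for cmd in iptables_commands(bans):
        print(cmd)
```

A real cron job would persist the expiry times (so the rule is removed after the ban period) and remember how far into the log it has already read, rather than rescanning from the start each minute; both are left out here to keep the window logic visible.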
You might be interested in fail2ban.
Simply modify your /etc/ssh/sshd_config file; add
and restart sshd.