I am using ubuntu 16.04, is there a way to lock a IP address for 10 minutes after 3 Failed Login attempts to avoid brute forcing.
By did serching internet, I found a method can lock root use for temporary, by add this content in /etc/pam.d/common-auth file and restart the SSH service.
auth required pam_tally2.so onerr=fail deny=3 unlock_time=600 audit
$ sudo systemctl restart sshd
but it doesn't work. Is there a way to lock a IP 10min atfer over 3 Failed Login attempts?
As Liso commented your best bet is to use Fail2Ban. This can be installed with sudo apt install fail2ban.
Then add the following configuration changes to the file /etc/fail2ban/jail.local:
[sshd]
#Set ban time to 10 minutes
bantime = 600
#Decrease the number of failed login attempts before banning to 3
maxretry=3
Once this configuration is in place restart the service with sudo systemctl restart fail2ban.
Thank you for being diligent and securing your server. This makes the world safer for all of us.
N.B. You might have already done this but please make sure you disable root from logging in over SSH.
