Reduce SSL login grace time

Alexandros · Alexandros · commit a7590e21f57d · 2019-07-04T20:41:20.000+03:00
diff --git a/install/hst-install-debian.sh b/install/hst-install-debian.sh
@@ -926,6 +926,10 @@ if [ ! -z "$sftp_subsys_enabled" ]; then
     sed -i -E "s/^#?.*Subsystem.+(sftp )?sftp-server/Subsystem sftp internal-sftp/g" /etc/ssh/sshd_config
 fi
 
+# Reduce SSH login grace time
+sed -i "s/LoginGraceTime 2m/LoginGraceTime 1m/g" /etc/ssh/sshd_config
+sed -i "s/#LoginGraceTime 2m/LoginGraceTime 1m/g" /etc/ssh/sshd_config
+
 # Disable SSH suffix broadcast
 if [ -z "$(grep "^DebianBanner no" /etc/ssh/sshd_config)" ]; then
     echo '' >> /etc/ssh/sshd_config
diff --git a/install/hst-install-ubuntu.sh b/install/hst-install-ubuntu.sh
@@ -898,6 +898,10 @@ if [ ! -z "$sftp_subsys_enabled" ]; then
     sed -i -E "s/^#?.*Subsystem.+(sftp )?sftp-server/Subsystem sftp internal-sftp/g" /etc/ssh/sshd_config
 fi
 
+# Reduce SSH login grace time
+sed -i "s/LoginGraceTime 2m/LoginGraceTime 1m/g" /etc/ssh/sshd_config
+sed -i "s/#LoginGraceTime 2m/LoginGraceTime 1m/g" /etc/ssh/sshd_config
+
 # Disable SSH suffix broadcast
 if [ -z "$(grep "^DebianBanner no" /etc/ssh/sshd_config)" ]; then
     echo '' >> /etc/ssh/sshd_config
diff --git a/install/upgrade/versions/latest.sh b/install/upgrade/versions/latest.sh
@@ -18,6 +18,10 @@ mv /etc/ssl/dhparam.pem $HESTIA_BACKUP/conf/
 cp -f $HESTIA_INSTALL_DIR/ssl/dhparam.pem /etc/ssl/
 chmod 600 /etc/ssl/dhparam.pem
 
+# Reduce SSH login grace time
+sed -i "s/LoginGraceTime 2m/LoginGraceTime 1m/g" /etc/ssh/sshd_config
+sed -i "s/#LoginGraceTime 2m/LoginGraceTime 1m/g" /etc/ssh/sshd_config
+
 # Enhance Vsftpd security
 echo "(*) Hardening Vsftpd SSL configuration..."
 cp -f /etc/vsftpd.conf $HESTIA_BACKUP/conf/
