6.12 Limit Consecutive Login Attempts for SSH

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

Information

The 'MaxAuthTries' parameter in the /etc/ssh/sshd_config file specifies the maximum
number of authentication attempts permitted per connection. When the limit is reached the
server terminates the connection, so an attacker running a brute-force password-guessing
attack against the host gets only a handful of guesses per connection instead of an
unbounded number.

Rationale:

Setting the authentication limit to a low value disconnects the attacker after a few failed
attempts and forces a reconnect, which severely limits the speed of such brute-force attacks.
Note that this slows rather than stops them: the attacker can open a new connection after
each disconnect, so the setting should be paired with strong credentials or key-based
authentication.

Solution

Perform the following to implement the recommended state:

# awk '/MaxAuthTries/ { $1 = "MaxAuthTries"; $2 = "6" } { print }' /etc/ssh/sshd_config > /etc/ssh/sshd_config.CIS

# mv /etc/ssh/sshd_config.CIS /etc/ssh/sshd_config

# svcadm restart svc:/network/ssh

Two caveats about the awk command: it rewrites every line that contains the string
MaxAuthTries, including a commented-out '#MaxAuthTries' line (which it turns into an active
directive) and any comment that merely mentions the keyword; and it does not add the
directive if the file contains no such line at all. Inspect the file before restarting the
service, and remember that sshd honours the first occurrence of a keyword, so a second
MaxAuthTries line later in the file has no effect.
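As an added example, not part of the CIS benchmark or this audit, the following POSIX shell
functions perform the same edit idempotently and then check the result: the directive is
rewritten in place whether it was active or commented out, appended if it was missing, and
the effective value (first uncommented occurrence, or the compiled-in default of 6 when none
is present, an assumption that matches OpenSSH) is compared against the benchmark limit. The
function names and the sample configuration lines are constructed for illustration; the
service restart from the procedure above is deliberately left out so the functions can be
run against a copy of the file first.

```shell
#!/bin/sh
# Added example (not from the CIS benchmark or the Tenable audit): set and check
# MaxAuthTries in an sshd_config-style file. Function names are illustrative.

# Print the effective MaxAuthTries value in file $1. sshd uses the first
# occurrence of a keyword, so the first uncommented directive wins. If there is
# none, assume the compiled-in default of 6 (OpenSSH's default; an assumption).
effective_max_auth_tries() {
    v=$(awk 'tolower($1) == "maxauthtries" { print $2; exit }' "$1")
    if [ -z "$v" ]; then
        echo 6
    else
        echo "$v"
    fi
}

# Rewrite file $1 so that MaxAuthTries is $2. An active "MaxAuthTries N" or a
# commented-out "#MaxAuthTries N" first field is replaced in place; if neither
# exists the directive is appended. Output goes to a temp file that is then
# moved over the original, so the config is never left half-written.
set_max_auth_tries() {
    f=$1; val=$2
    tmp="$f.CIS.$$"
    awk -v val="$val" '
        tolower($1) ~ /^#?maxauthtries$/ { print "MaxAuthTries " val; seen = 1; next }
        { print }
        END { if (!seen) print "MaxAuthTries " val }
    ' "$f" > "$tmp" && mv "$tmp" "$f"
}

# Audit check: return 0 when the effective value in file $1 is at most $2
# (default 6, the value this recommendation sets). A missing or non-numeric
# value fails closed.
check_max_auth_tries() {
    limit=${2:-6}
    v=$(effective_max_auth_tries "$1")
    case "$v" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$v" -le "$limit" ]
}

# Usage on the real host (run as root, then restart the service as above):
#   set_max_auth_tries /etc/ssh/sshd_config 6
#   check_max_auth_tries /etc/ssh/sshd_config && echo "MaxAuthTries compliant"
```

Because the directive is appended at the end of the file when absent, a configuration that
ends in a Match block would receive the new line inside that block; in that case place the
line in the global section by hand. The mv step replaces the file's inode, so keep a copy of
the original if its ownership or mode matter on your system.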

See Also

https://workbench.cisecurity.org/files/2582