Information
The 'MaxAuthTries' parameter in the /etc/ssh/sshd_config file specifies the maximum number of authentication attempts permitted per connection. By restricting the number of failed authentication attempts before the server terminates the connection, malicious users are blocked from gaining access to the host by using repetitive brute-force login exploits.
Rationale:
Setting the authentication login limit to a low value disconnects the attacker and forces a reconnect, which severely limits the speed of such brute-force attacks.
Solution
Perform the following to implement the recommended state:
# awk '/MaxAuthTries/ { $1 = "MaxAuthTries"; $2 = "6" } { print }' /etc/ssh/sshd_config > /etc/ssh/sshd_config.CIS
# mv /etc/ssh/sshd_config.CIS /etc/ssh/sshd_config
# svcadm restart svc:/network/ssh
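
A check to run after the remediation, since the awk edit above changes nothing when the file contains no MaxAuthTries line at all. This is an added example, not part of the benchmark text; the function names are hypothetical, and it assumes OpenSSH-style parsing (case-insensitive keywords, first value obtained wins, no Match blocks).

```shell
#!/bin/sh
# Added example (not from the benchmark): audit the effective MaxAuthTries.

# effective_max_auth_tries FILE
#   Prints the value of the first uncommented MaxAuthTries line in FILE, or
#   nothing if the keyword is not set. Assumption: keywords are matched
#   case-insensitively and the first value obtained is the one the daemon uses.
#   A commented line has a first field starting with '#', so it never matches.
effective_max_auth_tries() {
    awk 'tolower($1) == "maxauthtries" { print $2; exit }' "$1"
}

# audit_max_auth_tries FILE [LIMIT]
#   Returns 0 when MaxAuthTries is explicitly set to a number no greater than
#   LIMIT (default 6, the value the remediation writes), 1 otherwise.
audit_max_auth_tries() {
    file=$1
    limit=${2:-6}
    value=$(effective_max_auth_tries "$file")
    case $value in
        ''|*[!0-9]*)
            echo "FAIL: MaxAuthTries is not explicitly set to a number in $file"
            return 1 ;;
    esac
    if [ "$value" -le "$limit" ]; then
        echo "PASS: MaxAuthTries $value"
        return 0
    fi
    echo "FAIL: MaxAuthTries $value exceeds $limit"
    return 1
}

# Demo on a constructed config (not a real host's file): the commented line
# is ignored and the first active value, 10, fails the check.
sample=$(mktemp)
printf 'Port 22\n#MaxAuthTries 3\nMaxAuthTries 10\nMaxAuthTries 4\n' > "$sample"
audit_max_auth_tries "$sample" || true
rm -f "$sample"
```

On a host, run `audit_max_auth_tries /etc/ssh/sshd_config` after the restart and treat a non-zero exit status as a finding.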