5.1.18 Ensure sshd MaxSessions is configured

Information

The MaxSessions parameter specifies the maximum number of open sessions permitted from a given connection.

To protect a system from denial of service due to a large number of concurrent sessions, use the rate limiting function of MaxSessions to protect availability of sshd logins and prevent overwhelming the daemon.

Solution

Edit the /etc/ssh/sshd_config file to set the MaxSessions parameter to 10 or less above any Include and Match entries as follows:

MaxSessions 10

Note: First occurrence of an option takes precedence, Match set statements withstanding. If Include locations are enabled, used, and order of precedence is understood in your environment, the entry may be created in a file in Include location.

See Also

https://workbench.cisecurity.org/benchmarks/18210

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-10

Plugin: Unix

Control ID: 2d0c3504df8716baab873c10236043bad888f0c7805703ca0df5090c698b63b5