9.3.5 Set SSH MaxAuthTries to 4 or Less

Information

The MaxAuthTries parameter specifies the maximum number of authentication attempts
permitted per connection. When the login failure count reaches half the number, error
messages will be written to the syslog file detailing the login failure.

*Rationale*

Setting the MaxAuthTries parameter to a low number will minimize the risk of successful
brute force attacks to the SSH server. While the recommended setting is 4, it is set the
number based on site policy.

Solution

Edit the /etc/ssh/sshd_config file to set the parameter as follows-MaxAuthTries 4

See Also

https://workbench.cisecurity.org/files/91

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-7a., CSCv6|16.7

Plugin: Unix

Control ID: bab324abdfb2d4163e38fc73806c95770b4e7f745e95e99dc19ba48d4c65f4c9