NET1646 - SSH login attempts value is greater than 3 - 'ip ssh authentication-retries not found'

Information

The network element must be configured for a maximum number of unsuccessful SSH login attempts set at 3 before resetting the interface.

An attacker may attempt to connect to the device using SSH by guessing the authentication method and authentication key or shared secret. Setting the authentication retry to 3 or less strengthens against a Brute Force attack.

Solution

Configure the network element to require a maximum number of unsuccessful SSH login attempts at 3.

See Also

https://iasecontent.disa.mil/stigs/zip/U_Network_Perimeter_Router_L3_Switch_V8R32_STIG.zip

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-7, CAT|II, CSCv6|16.7, Rule-ID|SV-5613r4_rule, STIG-ID|NET1646, Vuln-ID|V-5613

Plugin: Cisco

Control ID: 4232823c7f6e5edce8f8efcff8fc032371b5a01f6dc65b2509fee3dc1c181a5d