Set SSH authentication attempt limit
An XCCDF Rule
Description
The MaxAuthTries parameter specifies the maximum number of authentication attempts permitted per connection. Once the number of failures reaches half this value, additional failures are logged. To set MaxAuthTries, edit /etc/ssh/sshd_config as follows:
MaxAuthTries
Rationale
Setting the MaxAuthTries parameter to a low number will minimize the risk of successful brute-force attacks against the SSH server.
- ID: xccdf_org.ssgproject.content_rule_sshd_set_max_auth_tries
- Severity: Medium
- Updated
Remediation - Ansible
- name: XCCDF Value sshd_max_auth_tries_value # promote to variable
  set_fact:
    sshd_max_auth_tries_value: !!str <xccdf-1.2:sub xmlns:xccdf-1.2="http://checklists.nist.gov/xccdf/1.2" idref="xccdf_org.ssgproject.content_value_sshd_max_auth_tries_value" use="legacy"/>
  tags:
    - always
Remediation - Shell Script
# Remediation is applicable only in certain platforms
if [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ]; then
    sshd_max_auth_tries_value='<xccdf-1.2:sub xmlns:xccdf-1.2="http://checklists.nist.gov/xccdf/1.2" idref="xccdf_org.ssgproject.content_value_sshd_max_auth_tries_value" use="legacy"/>'
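The remediation above is cut off before the part that edits the file. As an added example that is not the SSG rule's own code, the following POSIX shell functions set MaxAuthTries idempotently in an sshd_config file and audit the value that sshd will actually use; the file path and the limit are parameters, and the sample config is constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not part of the SSG rule content. Sets MaxAuthTries in an
# sshd_config file idempotently and audits the effective value. FILE and
# LIMIT are parameters; the sample config is constructed for this demo.

# make_sample_config FILE: write a constructed config with a commented-out
# directive plus a later, lower-case active one (sshd keywords are
# case-insensitive, and the first active directive wins).
make_sample_config() {
    printf '%s\n' 'Port 22' '#MaxAuthTries 6' 'PermitRootLogin no' \
        'maxauthtries 10' > "$1"
}

# get_max_auth_tries FILE: print the effective value, i.e. the first
# active MaxAuthTries directive, or the OpenSSH default of 6 if none.
get_max_auth_tries() {
    awk 'tolower($1) == "maxauthtries" { print $2; found = 1; exit }
         END { if (!found) print 6 }' "$1"
}

# check_max_auth_tries FILE LIMIT: succeed only if the effective value
# is at or below LIMIT (the audit half of the rule).
check_max_auth_tries() {
    [ "$(get_max_auth_tries "$1")" -le "$2" ]
}

# set_max_auth_tries FILE VALUE: replace the first MaxAuthTries line
# (commented or not) with "MaxAuthTries VALUE", drop any duplicates so
# the new value cannot be shadowed, or append if no such line exists.
set_max_auth_tries() {
    tmp="$1.tmp.$$"
    awk -v v="$2" '
        tolower($0) ~ /^[ \t]*#?[ \t]*maxauthtries[ \t]/ {
            if (!done) { print "MaxAuthTries " v; done = 1 }
            next
        }
        { print }
        END { if (!done) print "MaxAuthTries " v }
    ' "$1" > "$tmp" && mv "$tmp" "$1"
}
```

On OpenSSH 8.2 and later an `Include /etc/ssh/sshd_config.d/*.conf` line placed before the directive lets a drop-in file win, so the audit should be run against the merged configuration as well (for example `sshd -T | grep -i maxauthtries`), not only against the main file.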