Ensure SSH MaxStartups is configured

An XCCDF Rule

Description

The MaxStartups parameter specifies the maximum number of concurrent unauthenticated connections to the SSH daemon. Additional connections will be dropped until authentication succeeds or the LoginGraceTime expires for a connection. To configure MaxStartups, add or correct the following line in the /etc/ssh/sshd_config file:

MaxStartups 
CIS recommends a MaxStartups value of '10:30:60', or more restrictive where dictated by site policy.
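
One way to audit this setting, as an added example that is not part of the rule's own check content. The function names are hypothetical, the sample config is constructed, and "more restrictive" is assumed to mean that every field of start:rate:full is at or below the corresponding field of 10:30:60.

```shell
#!/bin/sh
# Added example: audit MaxStartups against the 10:30:60 baseline.
# Assumption: "more restrictive" means every field is <= the baseline field.
BASE_START=10 BASE_RATE=30 BASE_FULL=60

# Print the first MaxStartups value in a file holding sshd_config text or
# `sshd -T` output. sshd uses the first value it obtains for a keyword, and
# keywords are case-insensitive. Include directives are not followed here.
get_maxstartups() {
    awk 'tolower($1) == "maxstartups" { print $2; exit }' "$1"
}

# check_maxstartups VALUE
# Returns 0 = meets baseline, 1 = weaker, 2 = unset or not start:rate:full.
check_maxstartups() {
    printf '%s\n' "$1" | awk -F: \
        -v s="$BASE_START" -v r="$BASE_RATE" -v f="$BASE_FULL" '
        $0 !~ /^[0-9]+:[0-9]+:[0-9]+$/ { exit 2 }
        ($1 + 0 > s) || ($2 + 0 > r) || ($3 + 0 > f) { exit 1 }
        { exit 0 }'
}

# audit_sshd_config FILE: print a verdict line and return the check status.
audit_sshd_config() {
    value=$(get_maxstartups "$1")
    rc=0
    check_maxstartups "$value" || rc=$?
    case "$rc" in
        0) echo "PASS   MaxStartups $value" ;;
        1) echo "FAIL   MaxStartups $value is weaker than $BASE_START:$BASE_RATE:$BASE_FULL" ;;
        *) echo "REVIEW MaxStartups '$value' is unset or not start:rate:full" ;;
    esac
    return "$rc"
}

# Constructed sample config: the first active line wins, so this one fails.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#MaxStartups 10:30:60
maxstartups 10:30:100
MaxStartups 10:30:60
EOF
audit_sshd_config "$sample" || true
rm -f "$sample"
```

On a live host, saving the output of `sshd -T` to a file and passing that file to `audit_sshd_config` checks the effective value, including anything set through Include files.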

Rationale

To protect a system from denial of service due to a large number of pending authentication connection attempts, use the rate limiting function of MaxStartups to protect availability of sshd logins and prevent overwhelming the daemon.

ID
xccdf_org.ssgproject.content_rule_sshd_set_maxstartups
Severity
Medium