Skip to content

Set SSH authentication attempt limit

An XCCDF Rule

Description

The MaxAuthTries parameter specifies the maximum number of authentication attempts permitted per connection. Once the number of failures reaches half this value, additional failures are logged. to set MaxAUthTries edit /etc/ssh/sshd_config as follows:

MaxAuthTries 

Rationale

Setting the MaxAuthTries parameter to a low number will minimize the risk of successful brute force attacks to the SSH server.

ID
xccdf_org.ssgproject.content_rule_sshd_set_max_auth_tries
Severity
Medium
References
Updated



Remediation - Shell Script

# Remediation is applicable only in certain platforms
if [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ]; then

sshd_max_auth_tries_value='<xccdf-1.2:sub xmlns:xccdf-1.2="http://checklists.nist.gov/xccdf/1.2" idref="xccdf_org.ssgproject.content_value_sshd_max_auth_tries_value" use="legacy"/>'