5.2.5 Ensure SSH MaxAuthTries is set to 4 or less

Information

Setting the MaxAuthTries parameter to a low number will minimize the risk of successful brute force attacks to the SSH server. While the recommended setting is 4, set the number based on site policy.

Solution

Edit the /etc/ssh/sshd_config file to set the parameter as follows: MaxAuthTries 4

See Also

https://workbench.cisecurity.org/files/1863

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-7a., CSCv6|16.7

Plugin: Unix

Control ID: 671968d1506703fbddc3aa68a71ebfd19525cd59914bac4316ccfd8c2c413c18