InformationThe number of retries before the SSH login session disconnects.
This limits the number of times an unauthorized user can attempt a password without having to establish a new SSH login attempt. This reduces the potential for success during online brute force attacks by limiting the number of login attempts per SSH connection.
Organizations should implement a security policy limiting the number of authentication attempts for network administrators and enforce the policy through the 'ip ssh authentication-retries' command.
SolutionConfigure the SSH timeout:
hostname(config)#ip ssh authentication-retries [<em>3</em>]
SSH is not enabled by default. When set, the default value is 3.