Details

The MaxAuthTries parameter specifies the maximum number of authentication attempts permitted per connection. When the login failure count reaches half the number, error messages will be written to the syslog file detailing the login failure.

Setting the MaxAuthTries parameter to a low number will minimize the risk of successful brute force attacks to the SSH server. While the recommended setting is 4, it is set the number based on site policy.

Solution

Edit the/etc/ssh/sshd_config file-

vi /etc/ssh/sshd_config

Set-

MaxAuthTries 4

Re-cycle the sshd daemon to pick up the configuration changes-

stopsrc -s sshd
startsrc -s sshd

Supportive Information

The following resource is also helpful.

• https://workbench.cisecurity.org/files/528

This security hardening control applies to the following category of controls within NIST 800-53: Access Control.This control applies to the following type of system Unix.

References

• 800-53|AC-7a.
• CSCv6|16.7

Source

• Tenable.com/audits