← Rules Catalog
mediumaccess-controlverified rollback-safe

Limit SSH maximum authentication attempts

ssh-max-auth-tries · RHEL ≥ 8 · 2 impls

Description

The SSH daemon must limit the number of authentication attempts permitted per connection. MaxAuthTries restricts how many times a client can attempt to authenticate before the connection is dropped, reducing the effectiveness of brute-force attacks.

Rationale

Without a limit on authentication attempts, an attacker can make an unlimited number of password guesses within a single SSH connection. Setting MaxAuthTries to 4 or fewer forces the attacker to establish a new connection for each set of attempts, making brute-force attacks slower and more detectable by intrusion detection systems.

Check → Remediate

Checksshd_effective_config
key:
maxauthtries
expected:
{{ ssh_max_auth_tries }}
Remediateconfig_set
path:
/etc/ssh/sshd_config
key:
MaxAuthTries
value:
{{ ssh_max_auth_tries }}
separator:
reload:
sshd

Framework references

CIS

rhel10 5.1.16rhel8 5.1.18rhel9 5.1.16

NIST 800-53

AC-7CM-6

Live verification

rhel10:checkrhel8:checkrhel9:check
#ssh#authentication#brute-force