mediumaccess-controlverified ✓rollback-safe
Limit SSH maximum authentication attempts
ssh-max-auth-tries · RHEL ≥ 8 · 2 impls
Description
The SSH daemon must limit the number of authentication attempts permitted per connection. MaxAuthTries restricts how many times a client can attempt to authenticate before the connection is dropped, reducing the effectiveness of brute-force attacks.
Rationale
Without a limit on authentication attempts, an attacker can make an unlimited number of password guesses within a single SSH connection. Setting MaxAuthTries to 4 or fewer forces the attacker to establish a new connection for each set of attempts, making brute-force attacks slower and more detectable by intrusion detection systems.
Check → Remediate
Checksshd_effective_config
- key:
- maxauthtries
- expected:
- {{ ssh_max_auth_tries }}
Remediateconfig_set
- path:
- /etc/ssh/sshd_config
- key:
- MaxAuthTries
- value:
- {{ ssh_max_auth_tries }}
- separator:
- reload:
- sshd
Framework references
CIS
rhel10 5.1.16rhel8 5.1.18rhel9 5.1.16
NIST 800-53
AC-7CM-6
Live verification
rhel10:checkrhel8:checkrhel9:check
#ssh#authentication#brute-force