Title

Consecutive login attempts for SSH must be limited to 3. (Cat III impact)

Discussion

Setting the authentication login limit to a low value will disconnect the attacker and force a reconnect, which severely limits the speed of such brute-force attacks.

Check Content

Determine if consecutive login attempts are limited to 3. # grep "^MaxAuthTries" /etc/ssh/sshd_config | grep -v Log If the output of this command is not: MaxAuthTries 6 this is a finding. Note: Solaris SSH MaxAuthTries of 6 maps to 3 actual failed attempts.

Fix Text

The root role is required. Modify the sshd_config file. # pfedit /etc/ssh/sshd_config Locate the line containing: MaxAuthTries Change it to: MaxAuthTries 6 Restart the SSH service. # svcadm restart svc:/network/ssh Note: Solaris SSH MaxAuthTries of 6 maps to 3 actual failed attempts.

Additional Identifiers

Rule ID: SV-216115r603268_rule

Vulnerability ID: V-216115

Group Title: SRG-OS-000480

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.