Profile Applicability:
 • Level 1

Description:
 The MaxAuthTries option in the SSH daemon (sshd) configuration limits the number of authentication attempts permitted per connection. Configuring this setting helps prevent brute-force attacks by limiting failed login attempts.

Rationale:
 Limiting authentication attempts reduces the window for attackers to guess passwords, enhancing SSH security and protecting against unauthorized access.

Impact:
 Pros:

  • Helps prevent brute-force password guessing attacks.

  • Enhances overall system security.

 Cons:

  • Setting the value too low may inconvenience legitimate users whose login attempts are slow or fail.

Default Value:
 Defaults vary, but the value is often 6 attempts when not explicitly configured.

Pre-requisites:

  • Root or sudo privileges to modify SSH daemon configuration.

Remediation:

Test Plan:

Using Linux command line:

Check current MaxAuthTries setting in /etc/ssh/sshd_config:

grep -Ei '^[[:space:]]*MaxAuthTries' /etc/ssh/sshd_config

Verify the configured value.
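
The grep above lists matching lines but does not show which value sshd will use. The following added example (not part of the original benchmark text) audits an sshd_config-style file, assuming sshd keeps the first value it reads for a keyword, that lines after a Match line apply conditionally, and that the OpenSSH default of 6 applies when the directive is absent; the helper name audit_max_auth_tries, the limit of 4 and the sample file are constructed for illustration. It does not follow Include directives, so on a live host the output of sshd -T remains the authoritative view of the effective configuration.

```bash
#!/usr/bin/env bash
# Added example: audit MaxAuthTries in an sshd_config-style file.
# audit_max_auth_tries FILE [LIMIT]   (hypothetical helper name)
# Prints one finding per scope; returns 0 only if every value is <= LIMIT.
audit_max_auth_tries() {
    awk -v limit="${2:-4}" '
        { sub(/#.*/, ""); key = tolower($1) }      # strip comments; keywords are case-insensitive
        key == "match" { in_match = 1; scope = $0; next }
        key != "maxauthtries" { next }
        !in_match && seen_global { next }          # sshd keeps the first value it reads
        !in_match { seen_global = 1; scope = "global" }
        {
            ok = ($2 + 0 <= limit + 0)
            if (!ok) bad = 1
            printf "%s: MaxAuthTries %s (%s)\n", scope, $2, (ok ? "ok" : "too high")
        }
        END {
            if (!seen_global) {
                # Assumption: the OpenSSH built-in default of 6 applies.
                ok = (6 <= limit + 0)
                if (!ok) bad = 1
                printf "global: MaxAuthTries 6 (default, %s)\n", (ok ? "ok" : "too high")
            }
            exit (bad ? 1 : 0)
        }
    ' "$1"
}

# Constructed sample configuration, not taken from a real host.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# MaxAuthTries 3
  maxauthtries 4
MaxAuthTries 10
Match User backup
    MaxAuthTries 8
EOF
audit_max_auth_tries "$sample" 4 || echo "FAIL: a MaxAuthTries value exceeds 4"
rm -f "$sample"
```

On the sample, the indented lowercase line is the global value that takes effect, the later "MaxAuthTries 10" is ignored, and the Match block raises the limit to 8 for one user, which is why the audit fails.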

Implementation Plan:

Using Linux command line:

Edit /etc/ssh/sshd_config:

vi /etc/ssh/sshd_config

Add or update the MaxAuthTries directive, for example:

MaxAuthTries 4

Save the file and restart sshd:

systemctl restart sshd

Confirm the setting:

grep -Ei '^[[:space:]]*MaxAuthTries' /etc/ssh/sshd_config

Backout Plan:

Using Linux command line:

  1. Revert to previous MaxAuthTries value if necessary.

  2. Restart sshd and verify usability.

References: