Set SSH authentication attempt limit
Description
The MaxAuthTries parameter specifies the maximum number of authentication attempts
permitted per connection. Once the number of failures reaches half this value, additional failures are logged.
to set MaxAUthTries edit /etc/ssh/sshd_config as follows:
Rationale
Setting the MaxAuthTries parameter to a low number will minimize the risk of successful
brute force attacks to the SSH server.
Shell script
The following script can be run on the host to remediate the issue.
# Remediation is applicable only in certain platforms
if [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ]; then
sshd\_max\_auth\_tries\_value='4'
if [ -e "/etc/ssh/sshd\_config" ] ; then
LC\_ALL=C sed -i "/^\s\*MaxAuthTries\s\+/Id" "/etc/ssh/sshd\_config"
else
touch "/etc/ssh/sshd\_config"
fi
# make sure file has newline at the end
sed -i -e '$a\' "/etc/ssh/sshd\_config"
cp "/etc/ssh/sshd\_config" "/etc/ssh/sshd\_config.bak"
# Insert before the line matching the regex '^Match'.
line\_number="$(LC\_ALL=C grep -n "^Match" "/etc/ssh/sshd\_config.bak" | LC\_ALL=C sed 's/:.\*//g')"
if [ -z "$line\_number" ]; then
# There was no match of '^Match', insert at
# the end of the file.
printf '%s\n' "MaxAuthTries $sshd\_max\_auth\_tries\_value" >> "/etc/ssh/sshd\_config"
else
head -n "$(( line\_number - 1 ))" "/etc/ssh/sshd\_config.bak" > "/etc/ssh/sshd\_config"
printf '%s\n' "MaxAuthTries $sshd\_max\_auth\_tries\_value" >> "/etc/ssh/sshd\_config"
tail -n "+$(( line\_number ))" "/etc/ssh/sshd\_config.bak" >> "/etc/ssh/sshd\_config"
fi
# Clean up after ourselves.
rm "/etc/ssh/sshd\_config.bak"
else
>&2 echo 'Remediation is not applicable, nothing was done'
fi
