
The network element must be configured for a maximum number of unsuccessful SSH login attempts set at 3 before resetting the interface.


Overview

Finding ID: V-5613
Version: NET1646
Rule ID: SV-15458r2_rule
IA Controls:
Severity: Medium
Description
An attacker may attempt to connect to the device using SSH by guessing the authentication method and the authentication key or shared secret. Setting the authentication retry to 3 or less strengthens the device against a brute-force attack.
STIG Date
Infrastructure Router Security Technical Implementation Guide Cisco 2018-11-27

Details

Check Text (C-12923r2_chk)
Review the configuration and verify the number of unsuccessful SSH login attempts is set at 3.

ip ssh authentication-retries 3
Fix Text (F-5524r9_fix)
Configure the network device to allow a maximum of 3 unsuccessful SSH logon attempts.
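
The check above can be run over saved running configurations with a short script. This is an added example, not part of the STIG: the function name, status strings and sample configurations are constructed for illustration. It assumes that a value of 3 or less passes (following the Description) and that a configuration with no explicit line needs manual confirmation on the device.

```python
import re

# Limit from the rule. Values at or below it pass (assumption, following the
# Description's "3 or less"; the Check Text itself says "set at 3").
MAX_RETRIES = 3

# Matches the IOS line shown in the Check Text. Lines commented out with "!"
# or negated with "no" do not match.
_RETRY_RE = re.compile(r"^\s*ip ssh authentication-retries\s+(\d+)\s*$",
                       re.MULTILINE)


def check_ssh_retries(config_text):
    """Return (status, value) for finding V-5613.

    status is "pass", "finding" or "not_configured".
    """
    values = [int(v) for v in _RETRY_RE.findall(config_text)]
    if not values:
        # No explicit line: the saved config cannot prove the setting, so a
        # reviewer has to confirm the effective value on the device.
        return ("not_configured", None)
    value = values[-1]  # if the line appears more than once, the last wins
    return ("pass" if value <= MAX_RETRIES else "finding", value)


# Constructed sample configurations (not taken from a real device).
SAMPLE_COMPLIANT = """\
hostname edge-rtr-01
ip ssh version 2
ip ssh time-out 60
ip ssh authentication-retries 3
"""
SAMPLE_TOO_HIGH = SAMPLE_COMPLIANT.replace("retries 3", "retries 5")
SAMPLE_MISSING = "hostname edge-rtr-01\nip ssh version 2\n"

if __name__ == "__main__":
    for name, cfg in [("compliant", SAMPLE_COMPLIANT),
                      ("too high", SAMPLE_TOO_HIGH),
                      ("missing", SAMPLE_MISSING)]:
        print(name, check_ssh_retries(cfg))
```

A "not_configured" result is not a pass: confirm the effective retry count on the device itself (for example with `show ip ssh`) before closing the finding.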