UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The network element must be configured for a maximum number of unsuccessful SSH login attempts set at 3 before resetting the interface.


Overview

Finding ID Version Rule ID IA Controls Severity
V-5613 NET1646 SV-15458r2_rule ECSC-1 Medium
Description
An attacker may attempt to connect to the device using SSH by guessing the authentication method and authentication key or shared secret. Setting the authentication retry to 3 or less strengthens against a Brute Force attack.
STIG Date
Perimeter L3 Switch Security Technical Implementation Guide - Cisco 2016-01-04

Details

Check Text ( C-12923r2_chk )
Review the configuration and verify the number of unsuccessful SSH login attempts is set at 3.

ip ssh authentication-retries 3
Fix Text (F-5524r9_fix)
Configure the network device to require a maximum number of unsuccessful SSH logon attempts at 3.