UCF STIG Viewer Logo

Consecutive login attempts for SSH must be limited to 3.


Overview

Finding ID Version Rule ID IA Controls Severity
V-216352 SOL-11.1-040340 SV-216352r603267_rule Low
Description
Setting the authentication login limit to a low value will disconnect the attacker and force a reconnect, which severely limits the speed of such brute-force attacks.
STIG Date
Solaris 11 SPARC Security Technical Implementation Guide 2022-11-18

Details

Check Text ( C-17588r462490_chk )
Determine if consecutive login attempts are limited to 3.

# grep "^MaxAuthTries" /etc/ssh/sshd_config | grep -v Log

If the output of this command is not:

MaxAuthTries 6

this is a finding.

Note: Solaris SSH MaxAuthTries of 6 maps to 3 actual failed attempts.
Fix Text (F-17586r462491_fix)
The root role is required.

Modify the sshd_config file.

# pfedit /etc/ssh/sshd_config

Locate the line containing:

MaxAuthTries

Change it to:

MaxAuthTries 6

Restart the SSH service.

# svcadm restart svc:/network/ssh

Note: Solaris SSH MaxAuthTries of 6 maps to 3 actual failed attempts.