UCF STIG Viewer Logo

The Photon operating system must configure sshd to limit the number of allowed login attempts per connection.


Overview

Finding ID Version Rule ID IA Controls Severity
V-239165 PHTN-67-000094 SV-239165r675303_rule Medium
Description
By setting the login attempt limit to a low value, an attacker will be forced to reconnect frequently, which severely limits the speed and effectiveness of brute-force attacks.
STIG Date
VMware vSphere 6.7 Photon OS Security Technical Implementation Guide 2022-06-17

Details

Check Text ( C-42376r675301_chk )
At the command line, execute the following command:

# sshd -T|&grep -i MaxAuthTries

Expected result:

MaxAuthTries 2

If the output does not match the expected result, this is a finding.
Fix Text (F-42335r675302_fix)
Open /etc/ssh/sshd_config with a text editor.

Ensure that the "MaxAuthTries" line is uncommented and set to the following:

MaxAuthTries 2

At the command line, execute the following command:

# service sshd reload