UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Consecutive login attempts for SSH must be limited to 3.


Overview

Finding ID Version Rule ID IA Controls Severity
V-48099 SOL-11.1-040340 SV-60971r1_rule Low
Description
Setting the authentication login limit to a low value will disconnect the attacker and force a reconnect, which severely limits the speed of such brute-force attacks.
STIG Date
Solaris 11 X86 Security Technical Implementation Guide 2015-06-26

Details

Check Text ( C-50531r1_chk )
Determine if consecutive login attempts are limited to 3.

# grep "^MaxAuthTries" /etc/ssh/sshd_config

If the output of this command is not:

MaxAuthTries 6
MaxAuthTriesLog 6

this is a finding.

Note: Solaris SSH MaxAuthTries of 6 maps to 3 actual failed attempts.
Fix Text (F-51707r1_fix)
The root role is required.

Modify the sshd_config file.

# pfedit /etc/ssh/sshd_config

Locate the line containing:

MaxAuthTries

Change it to:

MaxAuthTries 6

Restart the SSH service.

# svcadm restart svc:/network/ssh

Note: Solaris SSH MaxAuthTries of 6 maps to 3 actual failed attempts.