From c3786e22a0aaf137102daaeda1ab6ea015dac9eb Mon Sep 17 00:00:00 2001
From: Bertrand Jacquin <bertrand@jacquin.bzh>
Date: Sat, 28 Sep 2019 22:48:29 +0100
Subject: factory-default/net-misc/openssh: restrict MaxAuthTries and
 MaxSessions

---
 factory-default/net-misc/openssh/etc/ssh/sshd_config | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/factory-default/net-misc/openssh/etc/ssh/sshd_config b/factory-default/net-misc/openssh/etc/ssh/sshd_config
index b1b8f373..b1b858c2 100644
--- a/factory-default/net-misc/openssh/etc/ssh/sshd_config
+++ b/factory-default/net-misc/openssh/etc/ssh/sshd_config
@@ -79,6 +79,13 @@ PermitUserEnvironment no
 # Send TCP keepalive messages to the other side
 TCPKeepAlive yes
 
+# Maximum number of authentication attempts permitted per connection
+MaxAuthTries 3
+
+# Maximum number of open shell, login or subsystem (e.g. sftp) sessions
+# permitted per network connection
+MaxSessions 2
+
 # Send a message through the encrypted channel to request a response
 # from the client
 ClientAliveInterval 15
-- 
cgit v1.2.3