I have a system where MaxAuthTries has been administratively misinterpreted: [pete9168@workstation ~]$ sudo grep MaxAuthTries /etc/ssh/sshd_config MaxAuthTries yes It passes the syntax validation check: [pete9168@workstation ~]$ sudo sshd -t && echo "EVERYTHING IS OK HERE" EVERYTHING IS OK HERE The daemon does not receive a valid integer for MaxAuthTries and seems to interpret a maximum attempt count of zero: [pete9168@workstation ~]$ ssh localhost Received disconnect from ::1 port 22:2: Too many authentication failures Disconnected from ::1 port 22 Please adjust `sshd -t` such that MaxAuthTries requires an integer > 0 to pass. I initially observed this behavior with openssh-server-1:6.6p1-2ubuntu2.11, the above validation is from openssh-server-7.6p1-6.fc27.x86_64 .
This has already been fixed in the openssh-7.7 release via the following commit: commit 609d96b3d58475a15b2eb6b3d463f2c5d8e510c0 Author: dtucker@openbsd.org <dtucker@openbsd.org> Date: Tue Dec 5 23:59:47 2017 +0000 upstream commit Replace atoi and strtol conversions for integer arguments to config keywords with a checking wrapper around strtonum. This will prevent and flag invalid and negative arguments to these keywords. ok djm@ OpenBSD-Commit-ID: 99ae3981f3d608a219ccb8d2fff635ae52c17998
Move resolved bugs -> CLOSED after 8.0 release