Merge pull request #3739 from uselagoon/ssh-max-auth-retries

feat: ssh configurable number of public key attempts before failing
uselagoon · Nov 7, 2024 · f13dd62 · f13dd62
2 parents ca99b8b + c50e8f1
commit f13dd62
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 1 deletion.
diff --git a/services/ssh/docker-entrypoint.sh b/services/ssh/docker-entrypoint.sh
@@ -2,6 +2,8 @@
 
 export USER_ID=$(id -u)
 
+ep /etc/ssh/sshd_config
+
 ep /home/token.sh
 ep /home/grant.sh
 ep /home/token-debug.sh

diff --git a/services/ssh/etc/ssh/sshd_config b/services/ssh/etc/ssh/sshd_config
@@ -6,6 +6,9 @@ HostKey /etc/ssh/ssh_host_ed25519_key
 
 LogLevel INFO
 
+# Sets the allowed number of ssh-agent key attempts before failure
+MaxAuthTries ${MAX_AUTH_TRIES:-6}
+
 PermitRootLogin no
 
 # The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
@@ -39,4 +42,4 @@ ClientAliveInterval 60
 ClientAliveCountMax 1440 # max keepalive of 24h
 
 # This will allow sftp access
-Subsystem sftp sftp-server -u 0002
+Subsystem sftp sftp-server -u 0002