From 2740f050fc6d0e2cfef54c8e66ecd6d17b26a970 Mon Sep 17 00:00:00 2001
From: Alan Orth <alan.orth@gmail.com>
Date: Sun, 15 Sep 2019 15:17:00 +0300
Subject: [PATCH] roles/common: Increase ssh MaxAuthTries from 3 to 4

If a user has RSA, ECDSA, and ED25519 private keys present on their
system then the ssh client will offer all of these to the server
and they may not get a chance to try password auth before it fails.
---
 roles/common/templates/sshd_config_Debian-10.j2    | 2 +-
 roles/common/templates/sshd_config_Debian-9.j2     | 2 +-
 roles/common/templates/sshd_config_Ubuntu-16.04.j2 | 2 +-
 roles/common/templates/sshd_config_Ubuntu-18.04.j2 | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/roles/common/templates/sshd_config_Debian-10.j2 b/roles/common/templates/sshd_config_Debian-10.j2
index 0c21643..c55e4c1 100644
--- a/roles/common/templates/sshd_config_Debian-10.j2
+++ b/roles/common/templates/sshd_config_Debian-10.j2
@@ -31,7 +31,7 @@ LogLevel VERBOSE
 #LoginGraceTime 2m
 PermitRootLogin prohibit-password
 #StrictModes yes
-MaxAuthTries 3
+MaxAuthTries 4
 #MaxSessions 10
 
 #PubkeyAuthentication yes
diff --git a/roles/common/templates/sshd_config_Debian-9.j2 b/roles/common/templates/sshd_config_Debian-9.j2
index 698fb4e..c6e5c07 100644
--- a/roles/common/templates/sshd_config_Debian-9.j2
+++ b/roles/common/templates/sshd_config_Debian-9.j2
@@ -32,7 +32,7 @@ LogLevel VERBOSE
 #LoginGraceTime 2m
 PermitRootLogin prohibit-password
 #StrictModes yes
-MaxAuthTries 3
+MaxAuthTries 4
 #MaxSessions 10
 # Password based logins are disabled - only public key based logins are allowed.
 AuthenticationMethods publickey
diff --git a/roles/common/templates/sshd_config_Ubuntu-16.04.j2 b/roles/common/templates/sshd_config_Ubuntu-16.04.j2
index 372d012..a2764f4 100644
--- a/roles/common/templates/sshd_config_Ubuntu-16.04.j2
+++ b/roles/common/templates/sshd_config_Ubuntu-16.04.j2
@@ -70,7 +70,7 @@ PrintLastLog yes
 TCPKeepAlive yes
 #UseLogin no
 
-MaxAuthTries 3
+MaxAuthTries 4
 #MaxStartups 10:30:60
 #Banner /etc/issue.net
 
diff --git a/roles/common/templates/sshd_config_Ubuntu-18.04.j2 b/roles/common/templates/sshd_config_Ubuntu-18.04.j2
index 53eafd9..08dc8c4 100644
--- a/roles/common/templates/sshd_config_Ubuntu-18.04.j2
+++ b/roles/common/templates/sshd_config_Ubuntu-18.04.j2
@@ -31,7 +31,7 @@ LogLevel VERBOSE
 #LoginGraceTime 2m
 PermitRootLogin prohibit-password
 #StrictModes yes
-MaxAuthTries 3
+MaxAuthTries 4
 #MaxSessions 10
 
 #PubkeyAuthentication yes