roles/common: Limit number of SSH authentication attempts

The default in later OpenSSH is 6, which seems too high. If you can't
get your password correct after 3 tries then I think you need help.

Eventually I'd like an easy way to enable blocking of repeated login
attempts at the firewall level. I think it's possible in firewalld.

roles/common/templates/sshd_config_Debian-9.j2

@@ -32,7 +32,7 @@ LogLevel VERBOSE
 #LoginGraceTime 2m
 PermitRootLogin prohibit-password
 #StrictModes yes
-#MaxAuthTries 6
+MaxAuthTries 3
 #MaxSessions 10
 # Password based logins are disabled - only public key based logins are allowed.
 AuthenticationMethods publickey

roles/common/templates/sshd_config_Ubuntu-16.04.j2

@@ -70,6 +70,7 @@ PrintLastLog yes
 TCPKeepAlive yes
 #UseLogin no
 
+MaxAuthTries 3
 #MaxStartups 10:30:60
 #Banner /etc/issue.net
 

roles/common/templates/sshd_config_Ubuntu-18.04.j2

@@ -31,7 +31,7 @@ LogLevel VERBOSE
 #LoginGraceTime 2m
 PermitRootLogin prohibit-password
 #StrictModes yes
-#MaxAuthTries 6
+MaxAuthTries 3
 #MaxSessions 10
 
 #PubkeyAuthentication yes