[sshd] Bump MaxAuthTries to 20 from default 6
This accommodates users that have many keys added to their host's SSH
agent. Typical Fuchsia developers use `fx shell` or `fx ssh`, but the
local ssh client tries all SSH agent identities before trying the key
pair generated in $FUCHSIA_DIR/.ssh. Since all Fuchsia SSH
authentication is key based it is low risk to allow more authentication
attempts.
Test: Added 6 newly generated SSH keys using ssh-add, verified that
after change `fx shell` now works.
Change-Id: Iec8d036b6c5da7c0ed8e214175d29649637c6428
Reviewed-on: https://fuchsia-review.googlesource.com/c/third_party/openssh-portable/+/386296
Reviewed-by: James Tucker <raggi@google.com>
Reviewed-by: Vikram Auradkar <auradkar@google.com>
Commit-Queue: Bryan Henry <bryanhenry@google.com>
diff --git a/fuchsia/sshd_config b/fuchsia/sshd_config
index 30ee912..e9136e7 100644
--- a/fuchsia/sshd_config
+++ b/fuchsia/sshd_config
@@ -12,7 +12,12 @@
# These are combined since the sshd will only use the first AuthorizedKeysFile line.
AuthorizedKeysFile /data/ssh/authorized_keys /boot/data/ssh/authorized_keys /config/data/authorized_keys_for_test_infra
+# We disallow password authentication completely (it's unsupported irrespective of this
+# configuration), so all auth is key-based. Bump the MaxAuthTries limit to accommodate users with
+# many keys added to their SSH agent.
PasswordAuthentication no
+MaxAuthTries 20
+
Protocol 2
TCPKeepAlive no
ClientAliveInterval 1
