The OpenSSH server normally wouldn’t allow successive authentications
that exceed the MaxAuthTries setting in sshd_config, however when using
kbd-interactive challenge-response authentication the allowed login
retries can be extended limited only by the LoginGraceTime setting, that
can be more than 10000 tries (depends on the network speed), and even
more for local attacks.