SSH login attempts not covered by secure enclave?

https://www.apple.com/mideast/mac/docs/Apple_T2_Security_Chip_Overview.pdf


This document covering the T2 chip and the secure enclave says it handles brute force attacks by limiting the number of login attempts. This is handled by the secure enclave.

However, it only talks about the login screen and via target disk mode.


It does not say what happens if you have enabled the SSH server in macOS.


Could you still do brute force attacks against the SSH server?


(I'm using an M1 Mac but I guess it works the same as a Mac with a T2 chip).




MacBook Pro 13″, macOS 12.3

Posted on Apr 29, 2022 11:02 AM

2 replies

May 4, 2022 10:50 AM in response to Community User

Yes. The sshd server is designed to be used on a publicly available server. Any attempt to block a brute force attack would constitute a denial of service attack. On a server, there are other mechanisms to more selectively block only those remote hosts that are attempting a brute force attack. But even that is rare.


Always-on servers are inherently a higher-risk environment. There is no concept of a "brute force attack" on the internet. Any internet-facing servers are constantly under attack. It never lets up. The only limit is the infinite number of hosts available.


I would not recommend enabling the sshd server on a Mac. If you do, use a firewall and make sure that only your own remote clients can connect. Hackers can tell from your Internet address if you are some random container on AWS or a user at home who has turned on file sharing. Your home server will likely have less security and far more interesting content.
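Added example, not part of the reply above and not Apple's or OpenSSH's own code: a minimal sketch of the "selectively block only those remote hosts" idea, counting failed sshd password attempts per source address in a sliding window and skipping an allowlist of your own clients. The log lines, their timestamp layout, the addresses, and the names `hosts_to_block`, `threshold`, `window_s` and `allow` are assumptions made for the illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample log lines (assumed syslog-like layout); addresses are
# from the reserved documentation ranges, not real hosts.
SAMPLE_LOG = """\
2022-05-04T10:00:01 sshd[411]: Failed password for invalid user admin from 203.0.113.7 port 40112 ssh2
2022-05-04T10:00:03 sshd[411]: Failed password for root from 203.0.113.7 port 40113 ssh2
2022-05-04T10:00:05 sshd[412]: Failed password for alice from 192.0.2.10 port 50222 ssh2
2022-05-04T10:00:06 sshd[411]: Failed password for root from 203.0.113.7 port 40114 ssh2
2022-05-04T10:00:09 sshd[412]: Accepted publickey for alice from 192.0.2.10 port 50223 ssh2
2022-05-04T10:00:12 sshd[413]: Failed password for invalid user test from 203.0.113.7 port 40115 ssh2
2022-05-04T10:20:00 sshd[414]: Failed password for bob from 198.51.100.23 port 33001 ssh2
2022-05-04T10:45:00 sshd[415]: Failed password for bob from 198.51.100.23 port 33002 ssh2
2022-05-04T11:10:00 sshd[416]: Failed password for bob from 198.51.100.23 port 33003 ssh2
2022-05-04T11:35:00 sshd[417]: Failed password for bob from 198.51.100.23 port 33004 ssh2
"""

# Matches both "Failed password for USER" and "Failed password for invalid user USER".
FAILED = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: Failed password for (?:invalid user )?\S+ "
    r"from (?P<ip>\S+) port \d+"
)

def hosts_to_block(log_text, threshold=4, window_s=300, allow=frozenset()):
    """Return source addresses with >= threshold failures inside window_s seconds."""
    recent = defaultdict(deque)  # ip -> failure timestamps still inside the window
    flagged = set()
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m or m["ip"] in allow:  # ignore other events and our own clients
            continue
        ts = datetime.fromisoformat(m["ts"])
        q = recent[m["ip"]]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_s:  # expire old failures
            q.popleft()
        if len(q) >= threshold:
            flagged.add(m["ip"])
    return flagged

if __name__ == "__main__":
    # Only the host with a rapid burst of failures is reported.
    print(sorted(hosts_to_block(SAMPLE_LOG, allow={"192.0.2.10"})))
```

The returned set is what would be handed to a firewall rule; occasional mistyped passwords spread over a long period, like the constructed `bob` lines, stay under the threshold with these settings.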

May 4, 2022 8:08 AM in response to Community User

spacbug wrote:

https://www.apple.com/mideast/mac/docs/Apple_T2_Security_Chip_Overview.pdf

This document covering the T2 chip and the secure enclave says it handles brute force attacks by limiting the number of login attempts. This is handled by the secure enclave.
However, it only talks about the login screen and via target disk mode.

It does not say what happens if you have enabled the SSH server in macOS.

Could you still do brute force attacks against the SSH server?

(I'm using an M1 Mac but I guess it works the same as a Mac with a T2 chip).




M1 is not Intel — so I would not expect them to work in the same way, no.


The Secure Enclave is a dedicated secure subsystem integrated into Apple systems on chip (SoCs).


ref: Secure Enclave - Apple Support


