SSH Login Fail Limit
An administrator can view and modify the number of login attempts for a user.
By default, an account is locked after 10 failed login attempts.
By default, a locked account stays locked for 15 minutes (900 seconds).
system ssh fail_limit set <number>
Set the number of failed login attempts for all user accounts on this system before account lockout occurs. For example:
$ system ssh fail_limit set 3
You are about to set a limit for failed login attempts. This limit will apply to all user accounts on this system.
Do you wish to continue? Y
system ssh fail_limit view <username>
View the current status of a user’s failed login attempts. Examples:
$ system ssh fail_limit view joebrown
Login      Failures  Latest failure     From
joebrown   0

$ system ssh fail_limit view joebrown
Login      Failures  Latest failure     From
joebrown   1         12/04/15 10:38:00  192.168.0.90
system ssh fail_limit reset <username>
Reset the failed login count back to 0 on a locked-out account. This allows the user to log back in to the system without resetting a password after a lockout occurs. For example:
$ system ssh fail_limit view joebrown
Login      Failures  Latest failure     From
joebrown   3         12/04/15 10:38:00  192.168.0.90

$ system ssh fail_limit reset joebrown
You are about to reset the account lockout information for user: joebrown. This will allow this user to log back in to the system.
Do you wish to continue? y

$ system ssh fail_limit view joebrown
Login      Failures  Latest failure     From
joebrown   0
system ssh fail_limit unlock_time <seconds>
Enable the unlock time and set how long, in seconds, an account stays locked after a lockout occurs.
To disable the unlock time setting, use the command with the parameter value as zero:
system ssh fail_limit unlock_time 0
The example output below shows the command response for different parameter values:
$ system ssh fail_limit unlock_time 60
SSH session unlock time has been set.

$ system ssh fail_limit unlock_time 0
SSH session unlock time has been disabled.

$ system ssh fail_limit unlock_time -1
Please enter a valid number for unlock time.
system ssh fail_limit unlock_time
Display the status of the unlock time setting.
For example:
$ system ssh fail_limit unlock_time
SSH session unlock time is not set.

$ system ssh fail_limit unlock_time 60
SSH session unlock time has been set.

$ system ssh fail_limit unlock_time
SSH session unlock time has been set to 60 seconds.
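The following Python sketch is an added example, not part of the product or its documentation. It parses captured "system ssh fail_limit view" output and works out whether the account is locked and when it unlocks, given the fail limit and unlock time. The function names are hypothetical, and it assumes an account locks once failures reach the limit (as in the joebrown example above), that timestamps are MM/DD/YY, and that a disabled unlock time keeps the account locked until it is reset.

```python
# Added example: interpret `system ssh fail_limit view` output (not vendor code).
from datetime import datetime, timedelta

DEFAULT_FAIL_LIMIT = 10     # page default: 10 failed attempts
DEFAULT_UNLOCK_TIME = 900   # page default: 15 minutes (900 seconds)

def parse_view(output):
    """Parse captured `view` output into a list of per-user records."""
    records = []
    for line in output.splitlines():
        fields = line.split()
        # Skip blank lines, the echoed command line and the column header row.
        if not fields or fields[0] in ("$", "Login"):
            continue
        if len(fields) < 2 or not fields[1].isdigit():
            continue
        rec = {"user": fields[0], "failures": int(fields[1]),
               "latest": None, "source": None}
        if len(fields) >= 5:
            # Assumption: timestamp is MM/DD/YY HH:MM:SS in the system's local time.
            rec["latest"] = datetime.strptime(fields[2] + " " + fields[3],
                                              "%m/%d/%y %H:%M:%S")
            rec["source"] = fields[4]
        records.append(rec)
    return records

def lock_state(rec, now, fail_limit=DEFAULT_FAIL_LIMIT, unlock_time=DEFAULT_UNLOCK_TIME):
    """Return (state, seconds_until_unlock) for one parsed record."""
    if rec["failures"] < fail_limit:
        return ("open", 0)
    if unlock_time == 0 or rec["latest"] is None:
        # Assumption: with unlock time disabled, only `fail_limit reset` unlocks.
        return ("locked-until-reset", None)
    remaining = (rec["latest"] + timedelta(seconds=unlock_time) - now).total_seconds()
    return ("locked", int(remaining)) if remaining > 0 else ("expired", 0)

# Constructed sample in the layout shown on this page.
SAMPLE = """\
$ system ssh fail_limit view joebrown
Login      Failures  Latest failure     From
joebrown   3         12/04/15 10:38:00  192.168.0.90
"""

if __name__ == "__main__":
    now = datetime(2015, 12, 4, 10, 40, 0)   # constructed "current time"
    for rec in parse_view(SAMPLE):
        print(rec["user"], rec["source"],
              lock_state(rec, now, fail_limit=3, unlock_time=900))
```

The source address in each record is the value to review before running a reset, since a reset clears the evidence of where the failed attempts came from.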