SSH Login Fail Limit

An administrator can view and modify the number of failed login attempts allowed for a user before the account is locked.

  • The default number of failed login attempts for a user is 10 before the account is locked.

  • The default duration for which an account is locked is 15 minutes (900 seconds).

  • system ssh fail_limit set <number>

    Set the number of failed login attempts for all user accounts on this system before account lockout occurs. For example:

    $ system ssh fail_limit set 3
    You are about to set a limit for failed login attempts.
       This limit will apply to all user accounts on this system.
       Do you wish to continue? Y
    
  • system ssh fail_limit view

    Show the current number of failed logins allowed. For example:

    $ system ssh fail_limit view
    SSH session fail_limit is set to 10
    
  • system ssh fail_limit view <username>

    View the current status of a user’s failed login attempts. Examples:

    $ system ssh fail_limit view joebrown
    Login     Failures  Latest failure     From
    joebrown     0
    
    $ system ssh fail_limit view joebrown
    Login     Failures  Latest failure     From
    joebrown      1    12/04/15 10:38:00   192.168.0.90
    

    If no users are defined, the message "No users created" is shown.

  • system ssh fail_limit status

    View the current status of all users' failed login attempts.

    Example:

    $ system ssh fail_limit status
    Login     Failures  Latest failure     From
    joebrown     0
    
  • system ssh fail_limit reset <username>

    Reset the failed login count back to 0 on a locked-out account. This allows the user to log back in to the system without a password reset after a lockout occurs. For example:

    $ system ssh fail_limit view joebrown
    Login     Failures  Latest failure     From
    joebrown      3    12/04/15 10:38:00   192.168.0.90
    
    $ system ssh fail_limit reset joebrown
    You are about to reset the account lockout information for
      user: joebrown. This will allow this user to log back in to
      the system.  Do you wish to continue? y
    
    $ system ssh fail_limit view joebrown
    Login     Failures  Latest failure     From
    joebrown     0
    
  • system ssh fail_limit unlock_time <seconds>

    Enable the unlock time and set the duration, in seconds, for which an account stays locked after lockout occurs.

    To disable the unlock time setting, use the command with the parameter value as zero:

    system ssh fail_limit unlock_time 0

    The example output below shows the command response for a valid value, zero, and an invalid value:

    $ system ssh fail_limit unlock_time 60
    SSH session unlock time has been set.
    
    $ system ssh fail_limit unlock_time 0
    SSH session unlock time has been disabled.
    
    $ system ssh fail_limit unlock_time -1
    Please enter a valid number for unlock time.
    
  • system ssh fail_limit unlock_time

    Display the status of the unlock time setting.

    For example:

    $ system ssh fail_limit unlock_time
    SSH session unlock time is not set.
    
    $ system ssh fail_limit unlock_time 60
    SSH session unlock time has been set.
    
    $ system ssh fail_limit unlock_time
    SSH session unlock time has been set to 60 seconds.
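
The following Python script is an added example, not part of the product documentation. It parses text saved from `system ssh fail_limit status` and reports accounts close to lockout and source addresses recorded against more than one account. It assumes the column layout shown above; the function names and the sample rows are constructed for illustration, and timestamps are kept as text because the page does not state the date field order.

```python
import re
from collections import defaultdict

# Constructed sample in the column layout shown on this page (not real output).
SAMPLE_STATUS = """\
Login     Failures  Latest failure     From
joebrown      3    12/04/15 10:38:00   192.168.0.90
asmith        2    12/04/15 10:39:12   192.168.0.90
mlee          0
opsadmin      1    12/04/15 09:02:41   192.168.0.17
"""

# login, failure count, then an optional "date time" pair and source address.
ROW = re.compile(
    r"^\s*(?P<login>\S+)\s+(?P<failures>\d+)"
    r"(?:\s+(?P<when>\S+\s+\S+)\s+(?P<src>\S+))?\s*$"
)

def parse_status(text):
    """Return one dict per user row; header and message lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            rows.append({"login": m["login"], "failures": int(m["failures"]),
                         "when": m["when"], "src": m["src"]})
    return rows

def near_lockout(rows, fail_limit, margin=1):
    """Logins with failures recorded and within `margin` of fail_limit."""
    return sorted(r["login"] for r in rows
                  if r["failures"] > 0 and r["failures"] >= fail_limit - margin)

def shared_sources(rows, min_accounts=2):
    """Map each source address to the accounts whose latest failure came from it."""
    by_src = defaultdict(set)
    for r in rows:
        if r["src"] and r["failures"] > 0:
            by_src[r["src"]].add(r["login"])
    return {s: sorted(u) for s, u in by_src.items() if len(u) >= min_accounts}

if __name__ == "__main__":
    rows = parse_status(SAMPLE_STATUS)
    print("near lockout:", near_lockout(rows, fail_limit=3))
    print("shared sources:", shared_sources(rows))
```

Pass the value reported by `system ssh fail_limit view` as `fail_limit`. Only the latest failure per account is listed, so `shared_sources` undercounts a source whose attempts were later overwritten by a failure from another address.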