SSH Login Fail Limit
--------------------

.. index:: system;system ssh fail_limit

An administrator can view and modify the number of 
login attempts for a user.

* The default number of failed login attempts for a
  user is 10 before the account is locked.
* The default duration that an account will be locked,
  is 15 minutes (900 seconds).


* **system ssh fail_limit set <number>**

  Set the number of failed login attempts for all user
  accounts on this system before account lockout occurs.
  For example:
  
  ::
  
     $ system ssh fail_limit set 3
     You are about to set a limit for failed login attempts. 
        This limit will apply to all user accounts on this system. 
        Do you wish to continue? Y
  

* **system ssh fail_limit view**

  Show the current number of failed logins allowed

  ::

     $ system ssh fail_limit view
     SSH session fail_limit is set to 10 


* **system ssh fail_limit view <username>**
  
  View the current status of a user's failed login attempts.
  Examples:
  
  ::
  
     $ system ssh fail_limit view joebrown
     Login     Failures  Latest failure     From
     joebrown     0   

     $ system ssh fail_limit view joebrown
     Login     Failures  Latest failure     From
     joebrown      1    12/04/15 10:38:00   192.168.0.90

  If no users are defined, the message ``No users created`` is shown.


* **system ssh fail_limit status**
  
  View the current status of all users failed login attempts

  Examples:
  
  ::
  
     $ system ssh fail_limit status
     Login     Failures  Latest failure     From
     joebrown     0   


* **system ssh fail_limit reset <username>**
  
  Reset the limit back to 0 on a locked out account. This
  will allow a user to log back in to the system without
  resetting a password after a lockout occurs. 
  For example:

  ::

     $ system ssh fail_limit view joebrown
     Login     Failures  Latest failure     From
     joebrown      3    12/04/15 10:38:00   192.168.0.90

     $ system ssh fail_limit reset joebrown
     You are about to reset the account lockout information for 
       user: joebrown. This will allow this user to log back in to
       the system.  Do you wish to continue? y

     $ system ssh fail_limit view joebrown
     Login     Failures  Latest failure     From
     joebrown     0   


* **system ssh fail_limit unlock_time <seconds>**
  
  Enable the unlock time and set the duration in seconds
  that an account will be locked for after it has been locked.
  
  To disable the unlock time setting, use the command
  with the parameter value as zero:
  
  **system ssh fail_limit unlock_time 0**  

  The example output below shows the command response
  for parameter values:

  ::

     $ system ssh fail_limit unlock_time 60
     SSH session unlock time has been set.

     $ system ssh fail_limit unlock_time 0
     SSH session unlock time has been disabled.

     $ system ssh fail_limit unlock_time -1
     Please enter a valid number for unlock time.


* **system ssh fail_limit unlock_time**

  Display the status of the unlock time setting.

  For example:

  ::

     $ system ssh fail_limit unlock_time
     SSH session unlock time is not set.

     $ system ssh fail_limit unlock_time 60
     SSH session unlock time has been set.

     $ system ssh fail_limit unlock_time
     SSH session unlock time has been set to 60 seconds.



.. |VOSS Automate| replace:: VOSS Automate
.. |Unified CM| replace:: Unified CM