    Limiting the Number of User Login Attempts for SSH Sessions

    A remote administrator may log in to a device through SSH. Administrator credentials are stored locally on the device. If the remote administrator presents a valid username and password, access to the TOE (target of evaluation) is granted. If the credentials are invalid, the TOE allows the authentication to be retried after an interval that starts after 1 second and increases exponentially. If the number of authentication attempts exceeds the configured maximum, no authentication attempts are accepted for a configured time interval. When the interval expires, authentication attempts are again accepted.

    You can configure the device to limit the number of attempts to enter a password while logging in through SSH. Using the following command, the connection can be terminated if a user fails to log in after a specified number of attempts:

    [edit system login]
    user@host# set retry-options tries-before-disconnect <number>

    Here, tries-before-disconnect is the number of times a user can attempt to enter a password when logging in. The connection closes if a user fails to log in after the number specified. The range is from 1 through 10, and the default value is 10.

    You can also configure the threshold for the number of failed attempts before the user experiences a delay in entering the password again.

    [edit system login]
    user@host# set retry-options backoff-threshold <number>

    Here, backoff-threshold is the threshold for the number of failed login attempts before the user experiences a delay in being able to enter a password again. Use the backoff-factor option to specify the length of the delay in seconds. The range is from 1 through 3, and the default value is 2 seconds.

    In addition, the device can be configured with a delay, in seconds, before a user can try to enter a password after a failed attempt.

    [edit system login]
    user@host# set retry-options backoff-factor <number>

    Here, backoff-factor is the length of time, in seconds, before a user can attempt to log in after a failed attempt. The delay increases by the value specified for each subsequent attempt after the threshold. The range is from 5 through 10, and the default value is 5 seconds.
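The following is an added example, not part of the original guide or of Junos: it checks `retry-options` values taken from a configuration in `display set` form against the ranges and defaults stated above, and computes the delay a single connection incurs after each failed attempt. The delay model (no delay below the threshold, then an increase of backoff-factor per failed attempt) is an assumption drawn from the descriptions above, and the sample configuration is constructed.

```python
import re

# Ranges and defaults as stated on this page: (min, max, default)
LIMITS = {
    "tries-before-disconnect": (1, 10, 10),
    "backoff-threshold": (1, 3, 2),
    "backoff-factor": (5, 10, 5),
}
SET_RE = re.compile(r"^set system login retry-options (\S+) (\d+)$")

def parse_retry_options(config_text):
    """Return effective retry-options (page defaults applied); reject out-of-range values."""
    opts = {name: default for name, (_, _, default) in LIMITS.items()}
    for line in config_text.splitlines():
        m = SET_RE.match(line.strip())
        if not m or m.group(1) not in LIMITS:
            continue  # not a retry-options statement covered by this page
        name, value = m.group(1), int(m.group(2))
        lo, hi, _ = LIMITS[name]
        if not lo <= value <= hi:
            raise ValueError(f"{name} {value} outside {lo}..{hi}")
        opts[name] = value
    return opts

def delay_schedule(opts):
    """Delay in seconds imposed after each failed attempt on one connection.

    Assumed model: no delay below the threshold; from the threshold on, the
    delay grows by backoff-factor per failed attempt. The last failure
    closes the connection, so no delay follows it.
    """
    tries, thr, factor = (opts[k] for k in LIMITS)
    return [0 if n < thr else factor * (n - thr + 1) for n in range(1, tries)]

# Constructed sample configuration in "display set" form.
SAMPLE = """\
set system login retry-options tries-before-disconnect 3
set system login retry-options backoff-threshold 1
set system login retry-options backoff-factor 5
"""

if __name__ == "__main__":
    for label, text in (("defaults", ""), ("sample", SAMPLE)):
        opts = parse_retry_options(text)
        sched = delay_schedule(opts)
        print(label, opts, sched, f"total={sum(sched)}s")
```

The per-connection total shows how much throttling a password-guessing client meets before the session is closed, which is the figure to compare when choosing between a low tries-before-disconnect and a high backoff-factor.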


    Modified: 2016-12-23