On Sun, Mar 19, 2017 at 9:51 AM, <[email protected]> wrote: > Hello Group, > > i am using password less authentication > > i am using ssh-key pair for login . > > now my question is how do i enforcing user lock out , if some tries to > login with wrong private key ??? > > FYI - i am using ubuntu os.
If I understand correctly, you would like to lock an account if someone fails to authenticate because they are using the wrong ssh-key more than some threshold number of times. Are you sure you want to do this? If so, how would you handle these two related scenarios? 1) You are using ssh-agent with multiple keys. You ssh to your account at which point ssh-agent attempts to log in with each key until it finds one that matches. If the number of attempts exceeds your threshold, you have just locked yourself out of your own account. 2) Vengeful coworker creates a script to read /etc/password and attempts to log in to everyone's account. Everyone is locked out of their account because the number of attempts has exceeded the threshold, including the admin because he/she can only become root via sudo. Regards, - Robert -- -- You received this message because you are subscribed to the Linux Users Group. To post a message, send email to [email protected] To unsubscribe, send email to [email protected] For more options, visit our group at http://groups.google.com/group/linuxusersgroup References can be found at: http://goo.gl/anqri Please remember to abide by our list rules (http://tinyurl.com/LUG-Rules) --- You received this message because you are subscribed to the Google Groups "Linux Users Group" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
