Hughes Andy wrote:
> I am using openssh (OpenSSH_4.2p1, OpenSSL 0.9.8 05 Jul 2005) on MP-RAS
> Version and 3.2 and I desire to allow a user to fail login for
> any reason only 3 (three) times and then lock the account.

That is a very bad idea for many reasons. If you search around you
will find references to denial of service attacks due to
configurations such as what you propose. The basic problem is that an
attacker will disable the account for a valid user.

Why do you want to do this? It is computationally infeasible to brute
force through a password cracking attempt from the remote interface.

openssh-unix-dev mailing list