Hughes Andy wrote:
> I am using openssh (OpenSSH_4.2p1, OpenSSL 0.9.8 05 Jul 2005) on MP-RAS
> Version 3.3.1.8 and 3.2 and I desire to allow a user to fail login for
> any reason only 3 (three) times and then lock the account.


That is a very bad idea for many reasons. If you search around you
will find references to denial of service attacks due to
configurations such as what you propose. The basic problem is that an
attacker will disable the account for a valid user.

Why do you want to do this? It is computationally infeasible to brute
force through a password cracking attempt from the remote interface.

Bob
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
http://lists.mindrot.org/mailman/lis...enssh-unix-dev