I would like to know if it is possible with the IOS ( c3560 ) to lock a user ssh session for X time after he try to connect to the switch for exemple 3 times.
I know that there is this command :aaa local authentication attempts max-fail number-of-unsuccessful-attempts
The problem is when the user is lock it need to be manually unlock by somebody else. I just want to lock the user for a short period of time.
any idea ?
A per user lockout time may not be possible without ACS as mentioned.
But what can be done is by enabling "login block-for"command which specifies the lockout time.
The no. of failed connection attempts will trigger this.
Meanwhile the "login quite-mode access-class" can help you define a group of host which still would have permissions to login in the quiet mode of the router, i.e excluded from the quiet mode.