Lock a user ssh session for X time to a switch after x attempt

I would like to know if it is possible with IOS (c3560) to lock a user's SSH session for X time after he tries to connect to the switch, for example, 3 times.

I know that there is this command: aaa local authentication attempts max-fail number-of-unsuccessful-attempts

https://www.cisco.com/en/US/docs/ios/12_3t/12_3t14/feature/guide/g_cilprl.html

The problem is that when the user is locked, he needs to be manually unlocked by somebody else. I just want to lock the user for a short period of time.

Any idea?

Accepted Solution

Tharak Abraham
Level 3

Phillippe,

A per-user lockout time may not be possible without ACS, as mentioned.

But what can be done is enabling the "login block-for" command, which specifies the lockout time.

The number of failed connection attempts will trigger this.

Meanwhile, "login quiet-mode access-class" can help you define a group of hosts which would still have permission to log in during the quiet mode of the router, i.e. excluded from the quiet mode.
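
A configuration sketch of the two commands named in the accepted answer, added here as an example and not taken from the thread or from Cisco's documentation. The ACL name MGMT-HOSTS, the 192.0.2.0/28 management range and all timer values are constructed, and availability of these commands on a given c3560 image is assumed.

```cisco
! --- Constructed example values; adjust to the environment ---
!
! Hosts that may still log in while the switch is in quiet mode.
! 192.0.2.0/28 is a documentation range standing in for a management subnet.
ip access-list standard MGMT-HOSTS
 permit 192.0.2.0 0.0.0.15
!
! Enter quiet mode for 120 seconds once 3 login attempts fail within 60 seconds.
! This must be configured before the other "login" commands take effect.
login block-for 120 attempts 3 within 60
!
! Exempt the management hosts from quiet mode. Without this line the
! quiet period also refuses logins from legitimate administrators, so
! repeated bad logins from anywhere can lock everyone out for 120 s.
login quiet-mode access-class MGMT-HOSTS
!
! Slow down successive attempts and record both outcomes in syslog.
login delay 2
login on-failure log
login on-success log
!
! --- Verification (privileged EXEC, not configuration mode) ---
! show login            : current mode (normal/quiet) and configured thresholds
! show login failures   : source addresses and usernames of failed attempts
```

The block is global rather than per user: while quiet mode is active, every Telnet, SSH and HTTP login attempt is refused regardless of username, except from hosts the access list permits.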


2 Replies

Nagaraja Thanthry
Cisco Employee

Hello,

You could use TACACS authentication with Cisco ACS which will allow you to configure number of logins/time based logins.

http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_user_guide_chapter09186a0080205a6e.html#wp852208

Hope this helps.

Regards,

NT
