Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Community Member

Lock a user ssh session for X time to a switch after x attempt

I would like to know if it is possible with the IOS ( c3560  ) to lock a user ssh session for X time after he try to connect to the switch for exemple 3 times.

I know that there is this command :aaa local authentication attempts max-fail number-of-unsuccessful-attempts

https://www.cisco.com/en/US/docs/ios/12_3t/12_3t14/feature/guide/g_cilprl.html

The problem is when the user is lock it need to be manually unlock by somebody else.  I just want to lock the user for a short period of time.

any idea  ?

1 ACCEPTED SOLUTION

Accepted Solutions

Re: Lock a user ssh session for X time to a switch after x attem

Phillippe,

A per user lockout time may not be possible without ACS as mentioned.

But what can be done is by enabling "login block-for"command which specifies the lockout time.

The no. of failed connection attempts will trigger this.

Meanwhile the "login quite-mode access-class" can help you define a group of host which still would have permissions to login in the quiet mode of the router, i.e excluded from the quiet mode.

2 REPLIES
Cisco Employee

Re: Lock a user ssh session for X time to a switch after x attem

Hello,

You could use TACACS authentication with Cisco ACS which will allow you to

configure number of logins/time based logins.

http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_user_guide_ch

apter09186a0080205a6e.html#wp852208

Hope this helps.

Regards,

NT

Re: Lock a user ssh session for X time to a switch after x attem

Phillippe,

A per user lockout time may not be possible without ACS as mentioned.

But what can be done is by enabling "login block-for"command which specifies the lockout time.

The no. of failed connection attempts will trigger this.

Meanwhile the "login quite-mode access-class" can help you define a group of host which still would have permissions to login in the quiet mode of the router, i.e excluded from the quiet mode.

358
Views
5
Helpful
2
Replies
CreatePlease to create content