cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2481
Views
0
Helpful
2
Replies

SSH authentication failure and log message

jabouaf
Beginner
Beginner

Hello,

With local authentication (with no aaa new-model  -no tacacs, no radius device/function)) I would like to get an information message that the authentication failed not at all error of mis-writting the password, but only when the 3th attempt/try is failed ?

Does someone knows if we can do this ?

Regards,

1 ACCEPTED SOLUTION

Accepted Solutions

Antonio Knox
Rising star
Rising star

This is possible, but you need to be running an IOS Security Feature Set.  Your command would look like this:

security authentication failure rate 3 log

For more info:

http://www.cisco.com/en/US/docs/ios/12_3/security/command/reference/sec_r1g.html#wp1098833

Please rate this post if it helps.

Edit: Keep in mind that this command introduces a 15-second delay once the failure threshold is reached.  This is a Brute-force attack mitigation technique by design, but it does meet your requirement.  Besides this, I would recommend leaning on EEM and perhaps some TCL scripting, which far too much for such a small task.

View solution in original post

2 REPLIES 2

Antonio Knox
Rising star
Rising star

This is possible, but you need to be running an IOS Security Feature Set.  Your command would look like this:

security authentication failure rate 3 log

For more info:

http://www.cisco.com/en/US/docs/ios/12_3/security/command/reference/sec_r1g.html#wp1098833

Please rate this post if it helps.

Edit: Keep in mind that this command introduces a 15-second delay once the failure threshold is reached.  This is a Brute-force attack mitigation technique by design, but it does meet your requirement.  Besides this, I would recommend leaning on EEM and perhaps some TCL scripting, which far too much for such a small task.

Hello Antonio,

Thank you for your answer.  THis would help me.

I'll also have a look at EEM.

Best Regards,

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: