SSH authentication failure and log message

jabouaf
Level 1

Hello,

With local authentication (no aaa new-model, no TACACS, no RADIUS device/function), I would like to get an information message that the authentication failed, not on every error of mistyping the password, but only when the 3rd attempt/try fails.

Does anyone know if we can do this?

Regards,

Accepted Solutions

Antonio Knox
Level 7

This is possible, but you need to be running an IOS Security Feature Set.  Your command would look like this:

security authentication failure rate 3 log

For more info:

http://www.cisco.com/en/US/docs/ios/12_3/security/command/reference/sec_r1g.html#wp1098833

Please rate this post if it helps.

Edit: Keep in mind that this command introduces a 15-second delay once the failure threshold is reached. This is a brute-force attack mitigation technique by design, but it does meet your requirement. Besides this, I would recommend leaning on EEM and perhaps some TCL scripting, which is far too much for such a small task.

Hello Antonio,

Thank you for your answer. This would help me.

I'll also have a look at EEM.

Best Regards,
