lock after failed login attempt with pubkey

Hi all,

I would like to know if the following is possible:

I use public key authentication with SSH, but I want to incorporate a
mechanism that locks the account when someone has three unsuccessful
login attempts (entering the wrong passphrase).
The OS we use is FreeBSD (but I don't think this will matter much).

I've searched the internet for this, but my searches returned nothing,
except how to do this with password authentication.

I personally think this isn't possible, but I would like to know for
The reason this wouldn't be possible IMO is that with pubkey
authentication you enter your passphrase on the client to 'unlock' your
private key. I guess the number of times you can enter your passphrase
for your private key is configurable. Only after these x-times of wrong
passphrases a failed login is sent to the server.

However, I am not certain on this matter. So could you help me out,
please. Is it, at all, possible to have your account locked after three
failed login attempts, when working with public key authentication? If
it isn't possible, could you explain why not? And if it *is* possible to
do this, could you explain how it is done?

Thanks in advance.

Re: lock after failed login attempt with pubkey

Does he want a virus to lock out all your accounts in minutes?  Some
security officers forget that proper security involves allowing access
as well as denying it.

Elvis Notargiacomo  master AT barefaced DOT cheek
http://www.notatla.org.uk/goen /
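
Added example, not part of either post above: a sketch of what the server can actually count under public key authentication, and why counting per account differs from counting per source address. The log lines are constructed, the "Failed publickey" format is assumed to be what OpenSSH writes at LogLevel VERBOSE, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sshd log lines (assumed OpenSSH format, LogLevel VERBOSE).
# A wrong passphrase typed on the client produces no line at all: the
# private key never unlocks, so nothing is sent to the server.
SAMPLE_LOG = """\
sshd[811]: Failed publickey for alice from 203.0.113.9 port 40110 ssh2: ED25519 SHA256:CONSTRUCTED1
sshd[812]: Failed publickey for alice from 203.0.113.9 port 40112 ssh2: ED25519 SHA256:CONSTRUCTED2
sshd[813]: Failed publickey for alice from 203.0.113.9 port 40114 ssh2: ED25519 SHA256:CONSTRUCTED3
sshd[820]: Accepted publickey for alice from 198.51.100.7 port 51514 ssh2: ED25519 SHA256:CONSTRUCTED4
sshd[831]: Failed publickey for bob from 203.0.113.9 port 40120 ssh2: ED25519 SHA256:CONSTRUCTED5
"""

FAILED = re.compile(r"Failed publickey for (?:invalid user )?(\S+) from (\S+) port \d+")
THRESHOLD = 3  # the "three unsuccessful attempts" from the question


def failures(log):
    """Return (per-account, per-source) counts of rejected public keys."""
    by_user, by_source = Counter(), Counter()
    for line in log.splitlines():
        m = FAILED.search(line)
        if m:
            user, source = m.groups()
            by_user[user] += 1
            by_source[source] += 1
    return by_user, by_source


def over_threshold(counts, threshold=THRESHOLD):
    """Names (accounts or addresses) whose failure count reached the limit."""
    return sorted(k for k, n in counts.items() if n >= threshold)


if __name__ == "__main__":
    by_user, by_source = failures(SAMPLE_LOG)
    # Locking the account would shut out alice, who never mistyped anything.
    print("accounts that would be locked:", over_threshold(by_user))
    # Blocking the source address leaves alice's own login path untouched.
    print("sources that would be blocked:", over_threshold(by_source))
```
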
