06-21-2017, 05:29 PM
ekoranyi
VanDyke Technical Support
Join Date: Jan 2017
Posts: 654
Hi ChuckS@CAM-Ohio,

One issue we will run into is a failed auth trigger won't be tripped until the number of attempts exceeds what is set in the MaximumAuthenticationRetries.
If root is denied by any method the user can never get more than "1" authentication attempt.

We could set MaximumAuthenticationRetries to 1 to include root attempts, but this may negatively impact legitimate users who mistype a password.

One option may be to craft a script that, on every authentication failure, checks to see if the user was root; if so, add that IP to the deny host file, and if not, do nothing. This would allow Deny Hosts to work as intended, adding an IP after 3 failed authentication attempts for normal users, but adding the IP for any connection attempting to use root after the first attempt.

What does your current Failed Login script do when it's fired?

VanDyke Software
Technical Support
(505) 332-5730
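A sketch of the per-failure script described in the reply above, added here as an example; it is not VanDyke's code and did not come from this thread. It assumes the Failed Login trigger hands the script the attempted username and the client IP as its first two arguments and that the deny host file holds one IP per line (both assumptions; the DENY_FILE path is a placeholder).

```shell
#!/bin/sh
# Hypothetical Failed Login trigger handler (added example, not VanDyke's code).
# Assumed calling convention: $1 = attempted username, $2 = client IP address.
# DENY_FILE is a placeholder path; point it at the file DenyHosts actually reads.
DENY_FILE="${DENY_FILE:-/path/to/deny-hosts-file}"

# Accept only a dotted-quad IPv4 address. The username and address arrive from an
# unauthenticated client, so nothing else is allowed into the deny file.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|"") return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet; do
        [ "$octet" -le 255 ] 2>/dev/null || return 1
    done
    return 0
}

# handle_failed_auth USER IP [DENY_FILE]
# root: record the IP on the very first failure and return 0.
# any other user: do nothing and return 1, leaving the normal DenyHosts threshold in place.
# malformed IP: do nothing and return 2.
handle_failed_auth() {
    user=$1; ip=$2; deny=${3:-$DENY_FILE}
    [ "$user" = "root" ] || return 1
    is_ipv4 "$ip" || { echo "failed-auth handler: ignoring malformed IP '$ip'" >&2; return 2; }
    # Append once only; -x matches the whole line so 10.0.0.1 does not match 10.0.0.10.
    if ! grep -qx -- "$ip" "$deny" 2>/dev/null; then
        printf '%s\n' "$ip" >> "$deny"
    fi
    return 0
}

# Stand-alone use: the trigger invokes the script with the username and client address.
if [ -n "$1" ] && [ -n "$2" ]; then
    handle_failed_auth "$1" "$2"
fi
```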
