[Bug 1628926] [NEW] Postpone login attempts if X successive attempts have failed
johnmne
phi.reporter at walla.co.il
Thu Sep 29 13:25:37 UTC 2016
Public bug reported:
** This is a feature request that regards to security. **
Please add to the login method a mechanism that postpones successive
login attempts if X attempts have failed.
Obviously this can be further enhanced - for example:
If X successive login attempts failed, then disable that specific login method for that specific user for Y minutes.
If Y minutes have passed and the additional successive attempts failed again - then disable that specific login method for that specific user for 2*Y minutes.
And so on...
Values of X and Y should be configured by the 'root' user.
Benefits: greatly reduces the risk of remotely brute-forcing the
password.
** Affects: openssh (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1628926
Title:
Postpone login attempts if X successive attempts have failed
Status in openssh package in Ubuntu:
New
Bug description:
** This is a feature request that regards to security. **
Please add to the login method a mechanism that postpones successive
login attempts if X attempts have failed.
Obviously this can be further enhanced - for example:
If X successive login attempts failed, then disable that specific login method for that specific user for Y minutes.
If Y minutes have passed and the additional successive attempts failed again - then disable that specific login method for that specific user for 2*Y minutes.
And so on...
Values of X and Y should be configured by the 'root' user.
Benefits: greatly reduces the risk of remotely brute-forcing the
password.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1628926/+subscriptions
More information about the foundations-bugs
mailing list