Users Guide

Show SSH

Shows the SSH lockout configuration settings and the active SSH client sessions.

Figure 813: Show SSH Command

SSH Account Lockout Alerts

Alerts for SSH lockout events are logged in to the Event Viewer when any of the following conditions are

present:

n SSH lockout configurations are performed

n Account is locked

n Account is unlocked

n Failed SSH login attempts

SSH Account Lockout Behavior

The SSH account lockout feature is disabled by default.

1. To enable SSH account lockout:

n Perform the ssh lockout count or ssh lockout duration configuration options.

2. To disable the feature, perform ssh lockout reset.

3. If the SSH account lockout feature is configured with failed attempts=3 and unlock time = 5 minutes:

n CLI access via SSH (password-based) authentication is locked on three consecutive failed login attempts.

n If the failed password attempt continues (even after the account is locked), the unlock time shifts for the

next five minutes (as in this example) from the current time from the last failed login attempt.

n Successful password-based SSH logins are rejected during the lockout period.

n Console-based logins are allowed during the lockout period.

n SSH logins via public key methods are allowed during the lockout period.

4. Administrators can use any of the above options to reset the SSH account lockout by issuing the ssh

unlock command.

5. After the lockout period, successful SSH logins are accepted and the account is unlocked.

Dell Networking W-ClearPass Policy Manager 6.6 | User Guide Command Line Interface | 855