HP MSR2000/3000/4000 Router Series Security Command Reference
If an FTP or virtual terminal line (VTY) user fails authentication, the system adds the user to a password
control blacklist. If a user fails to provide the correct password after the specified number of consecutive
attempts, the system takes one of the following actions:
• If prohibited permanently, the user can log in only after you remove the username from the
password control blacklist by using the reset password-control blacklist command.
• If prohibited temporarily, the user can log in again after the lock time elapses or after you remove
the username from the password control blacklist by using the reset password-control blacklist
command.
• If not prohibited from logging in, the username is removed from the password control blacklist when
the user logs in to the system successfully.
The password-control login-attempt command takes effect immediately after being executed, and can
affect the users already in the password control blacklist.
Examples
# Set the maximum number of login attempts to 4 and permanently prohibit a user from logging in if the
user fails to log in after four attempts.
<Sysname> system-view
[Sysname] password-control login-attempt 4 exceed lock
Later, if a user fails to log in after four attempts, you can find the user in the password control blacklist,
with the status changed from unlock to lock:
[Sysname] display password-control blacklist
Username: test
IP: 192.168.44.1 Login failures: 4 Lock flag: lock
Blacklist items matched: 1.
The user can no longer log in.
# Set the maximum number of login attempts to 2 and prohibit a user from logging in within 3 minutes
if the user fails to log in after two attempts.
<Sysname> system-view
[Sysname] password-control login-attempt 2 exceed lock-time 3
Later, if a user fails to log in after two attempts, you can find the user in the password control blacklist,
with the status changed from unlock to lock:
[Sysname] display password-control blacklist
Username: test
IP: 192.168.44.1 Login failures: 2 Lock flag: lock
Blacklist items matched: 1.
After 3 minutes, the user is removed from the password control blacklist and can log in again.
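An added example, not part of the HP reference: a Python sketch that audits captured display password-control blacklist output, listing locked accounts and totalling login failures per source IP. It assumes the two-line entry layout printed in the examples above; the function names, the second user ops and its address are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample, laid out like the command output shown on this page.
SAMPLE = """\
Username: test
IP: 192.168.44.1 Login failures: 4 Lock flag: lock
Username: ops
IP: 192.168.44.7 Login failures: 1 Lock flag: unlock
Blacklist items matched: 2.
"""

ENTRY_RE = re.compile(
    r"Username:\s*(?P<user>\S+)\s+"
    r"IP:\s*(?P<ip>\S+)\s+"
    r"Login failures:\s*(?P<failures>\d+)\s+"
    r"Lock flag:\s*(?P<flag>lock|unlock)\b"
)
COUNT_RE = re.compile(r"Blacklist items matched:\s*(\d+)")


def parse_blacklist(text):
    """Return blacklist entries; raise ValueError if the capture is incomplete."""
    entries = [
        {"user": m["user"], "ip": m["ip"],
         "failures": int(m["failures"]), "locked": m["flag"] == "lock"}
        for m in ENTRY_RE.finditer(text)
    ]
    count = COUNT_RE.search(text)
    if count is None:
        raise ValueError("missing 'Blacklist items matched' trailer")
    if int(count.group(1)) != len(entries):
        raise ValueError(f"parsed {len(entries)}, device reported {count.group(1)}")
    return entries


def locked_accounts(entries):
    """Users that stay locked until lock time elapses or the blacklist is reset."""
    return sorted(e["user"] for e in entries if e["locked"])


def failures_by_source(entries):
    """Total login failures per source IP, to spot one host trying many names."""
    totals = Counter()
    for e in entries:
        totals[e["ip"]] += e["failures"]
    return dict(totals)


if __name__ == "__main__":
    parsed = parse_blacklist(SAMPLE)
    print(locked_accounts(parsed), failures_by_source(parsed))
```

The trailer check rejects a capture that was cut off by paging or a dropped session, so a partial listing is not mistaken for a complete one.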
Related commands
• display local-user
• display password-control
• display password-control blacklist
• display user-group










