As login failures accumulate from a specific IP address, they are aged by an internal counter. When the user logs in successfully, the failure history is cleared and the internal counter is reset.

NOTE: When login attempts are refused from the client IP address, some SSH

clients may display the following message: ssh exchange

identification: Connection closed by remote host.

See the iDRAC6 Administrator Reference Guide available on the Dell Support website at support.dell.com/manuals for a complete list of cfgRacTuning properties.

Table 22-15 lists the user-defined parameters.

Table 22-15. Login Retry Restriction Properties

Property

Definition

 

 

cfgRacTuneIpBlkEnable

Enables the IP blocking feature.

 

When consecutive failures

 

(cfgRacTuneIpBlkFailCount) from a single IP

 

address are encountered within a specific amount of

 

time (cfgRacTuneIpBlkFailWindow), all further

 

attempts to establish a session from that address are

 

rejected for a certain timespan

 

(cfgRacTuneIpBlkPenaltyTime).

 

 

cfgRacTuneIpBlkFailCount

Sets the number of login failures from an IP address

 

before the login attempts are rejected.

 

 

cfgRacTuneIpBlkFailWindow

The timeframe in seconds when the failure attempts

 

are counted. When the failures exceed this limit,

 

they are dropped from the counter.

 

 

cfgRacTuneIpBlkPenaltyTime

Defines the timespan in seconds when all login

 

attempts from an IP address with excessive failures

 

are rejected.

 

 

360

Configuring Security Features

Page 360
Image 360
Dell IDRAC6 manual 360, Login Retry Restriction Properties Property Definition