[Bug 1628926] Re: Postpone login attempts if X successive attempts have failed
Robie Basak
1628926 at bugs.launchpad.net
Mon Oct 3 16:35:58 UTC 2016
This is a feature request that may be addressed by upstream, but
certainly won't be addressed by Ubuntu in a delta. Therefore I'm marking
the "openssh (Ubuntu)" task as Won't Fix for now, because we have no
plans to fix it in Ubuntu. If you'd still like this feature in the
openssh package, then you'll need to convince the upstream openssh
maintainers to add the feature, and then Ubuntu will in time inherit it.
** Changed in: openssh (Ubuntu)
Status: Incomplete => Won't Fix
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1628926
Title:
Postpone login attempts if X successive attempts have failed
Status in openssh package in Ubuntu:
Won't Fix
Bug description:
** This is a feature request that regards to security. **
Please add to the login method a mechanism that postpones successive
login attempts if X attempts have failed.
Obviously this can be further enhanced - for example:
If X successive login attempts failed, then disable that specific login method for that specific user for Y minutes.
If Y minutes have passed and the additional successive attempts failed again - then disable that specific login method for that specific user for 2*Y minutes.
And so on...
Values of X and Y should be configured by the 'root' user.
Benefits: greatly reduces the risk of remotely brute-forcing the
password.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1628926/+subscriptions
More information about the foundations-bugs
mailing list