Netgate Discussion Forum

    Customizing sshlockout

      Maxamoto

      Is there any way to customize the behavior of the sshlockout script? For example, change to block after three failed attempts instead of 15, making the table permanent between reboots, etc. Even the mighty Google didn't seem to be able to answer this one… Thanks in advance!

        marcelloc

        @Maxamoto:

        Is there any way to customize the behavior of the sshlockout script? For example, change to block after three failed attempts instead of 15, making the table permanent between reboots, etc. Even the mighty Google didn't seem to be able to answer this one… Thanks in advance!

        To make it permanent, install the cron package and remove/edit the sshlockout clean script.

        */60    *      *      *      *      root    /usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 sshlockout

        Of course, test any change in a lab before production.

        Elite Training: http://sys-squad.com

        Help a community developer! ;D

          Maxamoto

          Thanks for the assist, but I already tried that. Table is still erased after reboot. There is no option to customize the amount of failed logins it takes to initiate a sshlockout?

            Maxamoto

            Kudos to phil.davis for knowing how this works. Here's his howto:

            /etc/inc/system.inc has the code that writes /var/etc/syslog.conf.
            This does "exec /usr/local/sbin/sshlockout_pf 15"
            sshlockout_pf.c takes the failed attempt limit as a parameter.
            In the current system, you would have to manually edit /etc/inc/system.inc to change the parameter.
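
What a failed-attempt limit such as the 15 passed to sshlockout_pf amounts to, as an added illustration; this is not the sshlockout_pf source and not code from the posts above. The matched sshd message wording, the table size and the names `parse_failure` and `record_line` are assumptions, and the program only reports an address, it does not touch any pf table.

```c
/* Added illustration of a failed-attempt limit; not the sshlockout_pf source. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define MAX_HOSTS 256
static struct { char addr[64]; int fails; } hosts[MAX_HOSTS];
static int nhosts;

/* Copy the source address of a failed-login line into addr; 0 if no match.
 * The two message patterns are assumptions about sshd's log wording. */
static int parse_failure(const char *line, char *addr, size_t len)
{
    const char *p = NULL, *q;
    size_t n;
    if (!strstr(line, "Failed password for") && !strstr(line, "Invalid user"))
        return 0;
    /* Use the last " from " so text inside the user name is never the address. */
    for (q = line; (q = strstr(q, " from ")) != NULL; q += 6)
        p = q + 6;
    if (p == NULL || (n = strcspn(p, " \r\n")) == 0 || n >= len)
        return 0;
    memcpy(addr, p, n);
    addr[n] = '\0';
    return 1;
}

/* Count one log line. Returns the address on the attempt that reaches limit
 * (the point where a block would be issued), otherwise NULL. */
const char *record_line(const char *line, int limit)
{
    char addr[64];
    int i;
    if (!parse_failure(line, addr, sizeof addr))
        return NULL;
    for (i = 0; i < nhosts && strcmp(hosts[i].addr, addr) != 0; i++)
        ;
    if (i == nhosts) {
        if (nhosts == MAX_HOSTS) return NULL;   /* table full: not tracked */
        strcpy(hosts[nhosts++].addr, addr);
    }
    return ++hosts[i].fails == limit ? hosts[i].addr : NULL;
}

int main(int argc, char **argv)
{
    int limit = argc > 1 ? atoi(argv[1]) : 15;  /* 15: the value quoted above */
    char line[1024];
    const char *hit;
    while (limit > 0 && fgets(line, sizeof line, stdin) != NULL)
        if ((hit = record_line(line, limit)) != NULL)
            printf("limit %d reached for %s\n", limit, hit);
    return limit > 0 ? 0 : 1;
}
```

Fed constructed sshd lines on stdin with `3` as the argument, it reports an address on its third failed attempt, which is the behaviour the original poster asked for in place of 15.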
