Mikrotik
Alexander Semenenko, 2017-03-29 11:09:41

Is it possible to limit the number of ssh login attempts on mikrotik?

When I connect via ssh to the Mikrotik, I currently get 3 attempts to enter a password, after which the connection is dropped and I have to reconnect, and again I get 3 password attempts. This limit comes from the ssh client, i.e. I can set it to 6 password attempts (I think the ssh server on the Mikrotik allows that many). Can I limit the number of these attempts on the Mikrotik ssh server itself?


2 answer(s)
Ilya Demyanov, 2017-03-29
@turbidit

You can, for example like this:

/ip firewall filter
add action=drop chain=input comment="ssh blacklist drop" connection-state=new dst-port=22 protocol=tcp src-address-list=ssh_blacklist
add action=add-src-to-address-list address-list=ssh_blacklist address-list-timeout=4w2d chain=input comment="ssh stage3 to black list" connection-state=new dst-port=22 protocol=tcp src-address-list=ssh_stage3
add action=add-src-to-address-list address-list=ssh_stage3 address-list-timeout=1m chain=input comment="ssh stage2 to stage 3" connection-state=new dst-port=22 protocol=tcp src-address-list=ssh_stage2
add action=add-src-to-address-list address-list=ssh_stage2 address-list-timeout=1m chain=input comment="ssh stage1 to stage 2" connection-state=new dst-port=22 protocol=tcp src-address-list=ssh_stage1
add action=add-src-to-address-list address-list=ssh_stage1 address-list-timeout=1m chain=input comment="ssh new to stage1" connection-state=new dst-port=22 protocol=tcp

We add the IP of each new connection to the stage1 list for one minute; if there is another attempt during that minute, we move it to stage2, then to stage3, and from there to the blacklist for 30 days, which the first rule accordingly drops.
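To see what these five rules do before putting them on a router, here is an added Python simulation of the staged address-list logic; it is not part of the answer above and not MikroTik code. It assumes the RouterOS semantics that rules are evaluated top-down, that add-src-to-address-list is non-terminating (evaluation continues with the next rule) and refreshes the timeout of an address already on the list, and that drop terminates evaluation. The sample addresses and timestamps are constructed. The point it makes explicit: the rules key on new TCP connections to port 22, not on failed passwords, so the trace shows how many reconnects inside the one-minute windows land an address on the 30-day blacklist, and that a client reconnecting less often than once a minute never escalates.

```python
"""Simulation of the staged ssh address-list rules (assumed RouterOS semantics)."""
import re

# Seconds per RouterOS duration unit ("4w2d" = 4 weeks + 2 days).
_UNIT_SECONDS = {"w": 7 * 86400, "d": 86400, "h": 3600, "m": 60, "s": 1}


def parse_timeout(text):
    """Convert a RouterOS duration such as '4w2d' or '1m' into seconds."""
    parts = re.findall(r"(\d+)([wdhms])", text)
    if not parts or "".join(n + u for n, u in parts) != text:
        raise ValueError("unrecognised timeout: %r" % text)
    return sum(int(n) * _UNIT_SECONDS[u] for n, u in parts)


# The five rules from the answer, in the order the input chain evaluates them.
RULES = [
    {"src_list": "ssh_blacklist", "action": "drop"},
    {"src_list": "ssh_stage3", "action": "add", "to": "ssh_blacklist", "timeout": "4w2d"},
    {"src_list": "ssh_stage2", "action": "add", "to": "ssh_stage3", "timeout": "1m"},
    {"src_list": "ssh_stage1", "action": "add", "to": "ssh_stage2", "timeout": "1m"},
    {"src_list": None, "action": "add", "to": "ssh_stage1", "timeout": "1m"},
]


class AddressLists:
    """Dynamic address lists with per-entry expiry, keyed by (list name, ip)."""

    def __init__(self):
        self.entries = {}  # (list_name, ip) -> expiry time in seconds

    def contains(self, name, ip, now):
        exp = self.entries.get((name, ip))
        return exp is not None and now < exp

    def add(self, name, ip, now, timeout):
        # Assumption: re-adding an existing address refreshes its timeout.
        self.entries[(name, ip)] = now + parse_timeout(timeout)

    def members(self, name, now):
        return sorted(ip for (n, ip), exp in self.entries.items()
                      if n == name and now < exp)


def new_connection(lists, ip, now):
    """Evaluate one new TCP connection to port 22 against RULES.

    Returns 'drop' if the blacklist rule fires, otherwise 'accept' meaning
    none of these five rules dropped it (the chain continues after them).
    """
    for rule in RULES:
        if rule["src_list"] is not None and not lists.contains(rule["src_list"], ip, now):
            continue
        if rule["action"] == "drop":
            return "drop"
        lists.add(rule["to"], ip, now, rule["timeout"])  # non-terminating
    return "accept"


def simulate(events):
    """events: iterable of (time_seconds, ip). Returns (verdicts, lists)."""
    lists = AddressLists()
    verdicts = [new_connection(lists, ip, t) for t, ip in sorted(events)]
    return verdicts, lists


if __name__ == "__main__":
    # Constructed trace: one client reconnecting every 10 seconds.
    fast = [(t, "198.51.100.7") for t in (0, 10, 20, 30, 40)]
    verdicts, lists = simulate(fast)
    for (t, ip), v in zip(fast, verdicts):
        print("t=%3ds %s -> %s" % (t, ip, v))
    print("blacklist at t=40:", lists.members("ssh_blacklist", 40))
```

Running it shows the fourth connection inside the windows puts the address on ssh_blacklist and the fifth is dropped; the same client spaced 90 seconds apart stays in stage1 indefinitely. Changing the "1m" timeouts or adding a stage in RULES lets you check the effect of tuning before editing the router.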

NightLan, 2021-03-24
@NightLan

Ilya Demyanov, your solution is absolutely wrong: the account immediately gets banned for 30 days. That is, if the owner accidentally enters the wrong password, they are blocked immediately. This is not correct logic.
It is not clear why you would post the rules without checking them at all.
