Is it possible to limit the number of ssh login attempts on mikrotik?
When I connect via ssh to Mikrotik, I now have 3 attempts to enter a password, after which a disconnect occurs, and I have to reconnect, and again get 3 attempts to enter a password. I have this limitation on the ssh client, i.e. I can set up 6 attempts to enter a password (in my opinion, the ssh server on Mikrotik allows that many). Can I limit the number of these attempts on the Mikrotik ssh server itself?
You can, for example like this:
/ip firewall filter
add action=drop chain=input comment="ssh blacklist drop" connection-state=new dst-port=22 protocol=tcp src-address-list=ssh_blacklist
add action=add-src-to-address-list address-list=ssh_blacklist address-list-timeout=4w2d chain=input comment="ssh stage3 to black list" connection-state=new dst-port=22 protocol=tcp src-address-list=ssh_stage3
add action=add-src-to-address-list address-list=ssh_stage3 address-list-timeout=1m chain=input comment="ssh stage2 to stage 3" connection-state=new dst-port=22 protocol=tcp src-address-list=ssh_stage2
add action=add-src-to-address-list address-list=ssh_stage2 address-list-timeout=1m chain=input comment="ssh stage1 to stage 2" connection-state=new dst-port=22 protocol=tcp src-address-list=ssh_stage1
add action=add-src-to-address-list address-list=ssh_stage1 address-list-timeout=1m chain=input comment="ssh new to stage1" connection-state=new dst-port=22 protocol=tcp
Ilya Demyanov, your solution is absolutely wrong, and the account immediately gets banned for 30 days. That is, if the owner accidentally enters the wrong password, they are blocked immediately. This is not correct logic.
It is not clear why you would post the rules without checking them at all.
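An added example, not part of the original answer or comment: a simplified Python model of how the five rules from the answer treat successive new SSH connections from one source, which makes it possible to check when the blacklist entry is created and how rule order changes that. The evaluation model, the `simulate` function and the source address 192.0.2.10 are assumptions made for this illustration.

```python
# Simplified model of the input chain for new TCP/22 connections.
# Assumptions of this model (not RouterOS code): rules are evaluated top-down,
# add-src-to-address-list is non-terminating (the packet goes on to the next
# rule), drop is terminating, a list entry is visible to later rules as soon
# as it is added, and re-adding an address refreshes its timeout.

MINUTE = 60
BAN = 30 * 24 * 3600  # address-list-timeout=4w2d, i.e. 30 days

# (action, src-address-list that must match or None, list to add to, timeout)
POSTED_ORDER = [
    ("drop", "ssh_blacklist", None, 0),
    ("add", "ssh_stage3", "ssh_blacklist", BAN),
    ("add", "ssh_stage2", "ssh_stage3", MINUTE),
    ("add", "ssh_stage1", "ssh_stage2", MINUTE),
    ("add", None, "ssh_stage1", MINUTE),
]
# The same rules entered bottom-up, to show why their order matters.
REVERSED_ORDER = POSTED_ORDER[::-1]


def simulate(rules, arrival_times, src="192.0.2.10"):
    """Return 'accept' or 'drop' for each new connection from src.

    arrival_times are seconds; src is a constructed documentation address.
    """
    expiry = {}  # (list name, address) -> time at which the entry expires
    verdicts = []
    for now in arrival_times:
        verdict = "accept"  # model assumes no other rule drops the packet
        for action, match, target, timeout in rules:
            if match is not None and expiry.get((match, src), 0) <= now:
                continue  # source is not (or no longer) in the matched list
            if action == "drop":
                verdict = "drop"
                break
            expiry[(target, src)] = now + timeout
        verdicts.append(verdict)
    return verdicts


if __name__ == "__main__":
    print("posted order, 5 s apart: ", simulate(POSTED_ORDER, [0, 5, 10, 15, 20]))
    print("posted order, 90 s apart:", simulate(POSTED_ORDER, [0, 90, 180, 270]))
    print("reversed order, 1 conn:  ", simulate(REVERSED_ORDER, [0]))
```

The rules count new TCP connections to port 22, not failed passwords, so each counted connection still carries the per-connection password attempts described in the question.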