Updated on 2024-09-24 GMT+08:00

Configuring User Login Lockout

To harden login security, the system locks out the user account, the source IP address, or the combination of the user account and source IP address when the number of consecutive invalid password attempts exceeds the configured threshold.

This topic describes how to configure user login lockout, including changing the lockout method, lockout duration, and maximum login attempts.

Prerequisites

You have the management permissions for the System module.

Procedure

  1. Log in to your bastion host.
  2. Choose System > Sysconfig > Security.
  3. In the UserLock Config area, click Edit.

    Complete configurations as prompted.
    Figure 1 UserLock Config
    Table 1 Parameters for configuring user lockout

    Parameter: Lock
    Description: User lock mode. You can select User + Source IP, User, or Source IP.

    • User: If the number of consecutive failed password attempts exceeds the upper limit, the user is blocked by the system.
    • Source IP: If the number of consecutive failed password attempts exceeds the upper limit, the source IP address is blocked by the system.
    • User + Source IP: If the number of consecutive failed password attempts exceeds the upper limit, the login name and source IP address are blocked by the system.

    Parameter: Password attempt
    Description: Allowed maximum number of consecutive failed password attempts.

    • Default value: 5
    • Value range: 0 to 999
    • If this parameter is set to 0, the user account will not be locked out even if the password is incorrect.

    Parameter: Lock duration
    Description: Lockout duration.

    • Default value: 30 minutes
    • Value range: 0 to 10080, in minutes
    • If this parameter is set to 0, the user account or source IP address remains locked out until the administrator unlocks it.

    Parameter: Count reset duration
    Description: Duration after which the number of login failures is reset to 0.

    • Default value: 5 minutes
    • Value range: 1 to 10080, in minutes

  4. Click OK. You can then check the lockout configuration of the current system user on the Security tab.
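
The following Python model is an added example, not code from the product or its documentation. It replays a constructed sequence of login attempts to show how the four settings in Table 1 interact under each lock mode. The class and function names are hypothetical, and two behaviours are assumptions: the lock triggers once failures exceed the maximum (as the page words it), and the count reset duration is measured from the last failure.

```python
from dataclasses import dataclass, field

@dataclass
class LockoutPolicy:
    """Model of the page's four settings; times are in minutes."""
    mode: str = "user+ip"     # "user", "ip" or "user+ip"
    max_attempts: int = 5     # 0 = never lock
    lock_minutes: int = 30    # 0 = locked until an administrator unlocks
    reset_minutes: int = 5    # idle time after which the failure count resets
    state: dict = field(default_factory=dict)  # key -> (failures, last_fail, locked_at)

    def key(self, user, ip):
        return {"user": (user,), "ip": (ip,), "user+ip": (user, ip)}[self.mode]

    def attempt(self, t, user, ip, password_ok):
        """Return 'ok', 'fail' or 'locked' for one login attempt at time t."""
        k = self.key(user, ip)
        fails, last, locked_at = self.state.get(k, (0, None, None))
        if locked_at is not None:
            if self.lock_minutes == 0 or t - locked_at < self.lock_minutes:
                return "locked"
            fails, last, locked_at = 0, None, None   # lock has expired
        if password_ok:
            self.state.pop(k, None)                  # success ends the failure streak
            return "ok"
        if last is not None and t - last >= self.reset_minutes:
            fails = 0                                # assumption: window runs from last failure
        fails += 1
        # Assumption: lock when the count exceeds the maximum, as the page words it.
        locked = self.max_attempts > 0 and fails > self.max_attempts
        self.state[k] = (fails, t, t if locked else None)
        return "locked" if locked else "fail"

    def unlock(self, user, ip):
        """Administrator unlock."""
        self.state.pop(self.key(user, ip), None)

# Constructed events: (minute, user, source IP, password correct?)
EVENTS = [(m, "alice", "203.0.113.7", False) for m in range(6)] + [
    (6, "alice", "198.51.100.9", True),   # same user, different source IP
    (7, "bob", "203.0.113.7", True),      # different user, same source IP
]

def replay(mode, **settings):
    policy = LockoutPolicy(mode=mode, **settings)
    return [policy.attempt(*e) for e in EVENTS]

if __name__ == "__main__":
    for mode in ("user", "ip", "user+ip"):
        print(f"{mode:8}", replay(mode))
```

In this model the same six failures block alice from every address in User mode, block every user behind 203.0.113.7 in Source IP mode, and block only that account and address pair in User + Source IP mode.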