Configuring User Login Lockout

To harden login security, the source IP address, or the combination of the user account and source IP address, or user account will be locked out if the number of consecutive invalid password attempts exceeds the configured threshold.

This topic describes how to configure the user login lockout, including changing the lockout method, lockout duration, and maximum login attempts.

Prerequisites

You have the management permissions for the System module.

Procedure

Log in to your bastion host.
Choose System > Sysconfig > Security.

In the UserLock Config area, click Edit.

Complete configurations as prompted.

Figure 1 UserLock Config

**Table 1** Parameters for configuring user lockout
Parameter	Description
Lock	User lock mode. You can select User + Source IP, User, or Source IP. User: If the number of consecutive failed password attempts exceeded the upper limit, the user is blocked by the system. Source IP: If the number of consecutive failed password attempts exceeded the upper limit, the source IP address is blocked by the system. User + Source IP: If the number of consecutive failed password attempts exceeded the upper limit, the login name and source IP address are blocked by the system.
Password attempt	Allowed maximum number of consecutive failed password attempts. Default value: 5 Value range: 0 to 999 If this parameter is set to 0, the user account will not be locked out even if the password is incorrect.
Lock duration	Lockout duration Default value: 30 minutes Value range: 0 to 10080, in minutes If this parameter is set to 0, the user account or source IP address will be locked out unless the administrator unlocks it.
Count reset duration	Duration after which the number of login failures is reset to 0. Default value: 5 minutes Value range: 1 to 10080, in minutes