360 Configuring Security Features
As login failures accumulate from a specific IP address, they are aged by an
internal counter. When the user logs in successfully, the failure history is
cleared and the internal counter is reset.
NOTE: When login attempts are refused from the client IP address, some SSH
clients may display the following message: ssh exchange
identification: Connection closed by remote host.
See the iDRAC6 Administrator Reference Guide available on the Dell Support
website at support.dell.com/manuals for a complete list of cfgRacTuning
Table 22-15 lists the user-defined parameters.
Table 22-15. Login Retry Restriction Properties
Property Definition
cfgRacTuneIpBlkEnable Enables the IP blocking feature.
When consecutive failures
(cfgRacTuneIpBlkFailCount) from a single IP
address are encountered within a specific amount of
time (cfgRacTuneIpBlkFailWindow), all further
attempts to establish a session from that address are
rejected for a certain timespan
cfgRacTuneIpBlkFailCount Sets the number of login failures from an IP address
before the login attempts are rejected.
cfgRacTuneIpBlkFailWindow The timeframe in seconds when the failure attempts
are counted. When the failures exceed this limit,
they are dropped from the counter.
cfgRacTuneIpBlkPenaltyTime Defines the timespan in seconds when all login
attempts from an IP address with excessive failures
are rejected.