Thank you Guillaume. Ideally I’d like to log an ERROR when a user reaches the MAX_AUTH_REQUESTS attempts. Any other time I’ll simply log a warning.
Is there any way I can ask the session if the current authentication attempt is the last allowed request? … just trying to avoid having to track this in my code. Simon > On 13 Jan 2015, at 11:52, Guillaume Nodet <[email protected]> wrote: > > 2015-01-13 12:00 GMT+01:00 Simon Temple <[email protected]>: > >> >> I see that the MINA FtpServer can be configured with max-login-failures >> >> I’d like to configure our MINA SSHd server to behave a little more like >> the Linux sshd when hit with multiple failed login attempts. >> >> How could I do that? >> > > You can configure the ssh server with the ServerFactoryManager. > MAX_AUTH_REQUESTS property. > > >> I’d also like to log information about the source of the failed attempts >> so a tool like fail2ban can take some action. However I can’t see how I >> can extract source IP details from the ServerSession presented to the >> Authenticator interface. >> >> > session.getIoSession().getRemoteAddress() > > >> >> TIA >> >> Simon Temple >> >> >> > Guillaume Nodet
