Hello experts,
Issue: After 3 consecutive failed attempts at ssh'ing as root, from a LAN machine (say ip1), I was no longer able to ssh.
Fix: ssh as root from a different machine (ip2), issued
pfctl -T flush -t sshlockout
to flush the entry, and life was good.
Questions:
- When viewing Firewall->Diagnostics->Sessions->'select rule', sshlockout had two entries for the rule. Why? One for the LAN and another for the WAN interface?
- Neither of the entries showed the culprit IP address (ip1). Both entries were empty.
- For my future reference, how does one view entries in sshlockout table of pfctl?
- For my future reference, which configuration parameter does one tweak to adjust sshlockout? e.g. increase or decrease # of consecutive attempts? or total # of attempts in X mins etc?
Your time and responses are much appreciated.