skwira001 wrote: » I am taking the CCNA Security course through the Cisco Networking Academy. I am doing the chapter 2 lab. The lab had me set the login block-for command. Then it went into setting up SSH. I am now getting to the point where it is having me set the ip SSH authentication retries. My thinking was that I already did that with the login block-for command. I tested this out, and sure enough after I set up SSH, it gave me 3 tries to log in to the router through SSH. The login block-for command is set up to only give you 2 tries. The lab had me test this through Telnet. What I'm wondering is, if the authentication retries for SSH take precedence over the login block-for command, what's the point of even setting it if we don't use Telnet on our routers?
lrb wrote: » Could be wrong, but don't the login commands work for ssh, telnet, and HTTP/s? And you would be surprised at how many people still use telnet for remote IP access *sigh*
lrb wrote: » The block-for feature is only one of the IOS login enhancements, remember. The on-failure log and on-success log commands are also part of that, and we use them on every router at work as part of our standard router hardening. Just because there is some overlap between block-for and the authentication-retries command doesn't mean all the other commands introduced aren't helpful.
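An added example, not part of the thread: one way to use the events that the on-failure log and on-success log commands produce, by flagging sources whose failed logins reach a block-for style threshold and showing which local ports (23 for Telnet, 22 for SSH) they hit. The log lines are constructed, their exact layout is an assumption modeled on IOS %SEC_LOGIN messages, and the 2-attempts-in-30-seconds defaults are assumed values.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines modeled on IOS %SEC_LOGIN syslog messages
# (exact field layout is an assumption; adjust the regex to your logs).
SAMPLE_LOG = """\
%SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 192.0.2.10] [localport: 23] [Reason: Login Authentication Failed] at 10:15:02 UTC Mon Mar 3 2025
%SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 192.0.2.10] [localport: 22] [Reason: Login Authentication Failed] at 10:15:20 UTC Mon Mar 3 2025
%SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: netops] [Source: 198.51.100.7] [localport: 22] at 10:16:00 UTC Mon Mar 3 2025
%SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: root] [Source: 203.0.113.5] [localport: 22] [Reason: Login Authentication Failed] at 10:17:00 UTC Mon Mar 3 2025
%SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: root] [Source: 203.0.113.5] [localport: 22] [Reason: Login Authentication Failed] at 10:19:00 UTC Mon Mar 3 2025
"""

LINE_RE = re.compile(
    r"%SEC_LOGIN-\d-LOGIN_(?P<result>FAILED|SUCCESS):.*?"
    r"\[user: (?P<user>[^\]]*)\] \[Source: (?P<src>[^\]]+)\] "
    r"\[localport: (?P<port>\d+)\].* at (?P<ts>\d\d:\d\d:\d\d UTC \w{3} \w{3} +\d+ \d{4})"
)

def parse(log_text):
    """Yield (timestamp, result, user, source, port) for each SEC_LOGIN line."""
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not a login event
        ts = datetime.strptime(m["ts"], "%H:%M:%S UTC %a %b %d %Y")
        yield ts, m["result"], m["user"], m["src"], int(m["port"])

def failure_bursts(log_text, attempts=2, within=30):
    """Return {source: sorted ports} for sources with `attempts` failures in `within` seconds."""
    recent = defaultdict(deque)   # source -> (timestamp, port) of recent failures
    flagged = {}
    for ts, result, _user, src, port in sorted(parse(log_text)):
        if result != "FAILED":
            continue
        window = recent[src]
        window.append((ts, port))
        while ts - window[0][0] > timedelta(seconds=within):
            window.popleft()      # drop failures older than the window
        if len(window) >= attempts:
            flagged[src] = sorted({p for _, p in window})
    return flagged

if __name__ == "__main__":
    for src, ports in failure_bursts(SAMPLE_LOG).items():
        print(f"{src}: threshold reached, ports {ports}")
```
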