IBM Power Ideas Portal


This portal is to open public enhancement requests against IBM Power Systems products, including IBM i. To view all of your ideas submitted to IBM, create and manage groups of Ideas, or create an idea explicitly set to be either visible by all (public) or visible only to you and IBM (private), use the IBM Unified Ideas Portal (https://ideas.ibm.com).



Status Delivered
Created by Guest
Created on Feb 7, 2023

Enforce lockout after 5 or 3 failed password attempts on the SSH login on the HMC

In order to meet Lloyd’s security standards users should be locked out after 5 failed password attempts (for normal accounts) and 3 (for privileged accounts) on the SSH login on the HMC.


We want it to perform a temporary lockout, as it does for the Web GUI.

IBM development team have confirmed that the option to turn this setting on is not available as it is a custom login shell and providing a CLI SSH lockout is not currently in their development plan.

Lloyds will need to raise a Security Non-Compliance (SNC) against the HMC config workbook. To close this SNC and remediate this risk we need the IBM development to address this configuration and bring this in as part of the development plan.


The specifics that our security team are after, standards-wise are:

  • configurable number of failed passwords (when logging in with the same user account) i.e. we need 3 for privileged account access versus 5 for normal user access

  • Configurable lockout duration after x failed pwd logins (e.g. 1 minute or 60 minutes etc.). After lock-out duration has expired, the counter is reset to 0 and login is enabled again.

  • Also a configurable period of time so that the counter resets to 0 after a period of time. (This is to avoid a DoS situation where there are 2 failed login attempts [with a lockout set to 3 failed attempts], and a third failed attempt is attempted much later e.g. next day. If the counter is still at 2, that would immediately lock out the account. We don’t want that!)


Idea priority High
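The three requirements listed in the idea (a failure threshold per account class, a lockout duration, and a counter reset period) can be modelled as a small state machine. This is an added example, not IBM's HMC implementation and not part of the original idea: the class names, the `opsadmin` account, the timing values and the choice to clear the counter on a successful login are all assumptions, and time is passed in as `now` (seconds) so the behaviour can be checked deterministically.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Policy:
    max_failures: int   # failed passwords allowed before lockout (3 or 5 in the idea)
    lockout_secs: int   # duration of the temporary lockout
    reset_secs: int     # quiet period after which the counter returns to 0

@dataclass
class State:
    failures: int = 0
    last_failure: float = 0.0
    locked_until: float = 0.0   # 0.0 means "not locked"

class LockoutTracker:
    def __init__(self, policies, account_class):
        self.policies = policies            # class name -> Policy
        self.account_class = account_class  # user -> class name (default "normal")
        self.state = {}                     # user -> State

    def _current(self, user, now):
        pol = self.policies[self.account_class.get(user, "normal")]
        st = self.state.setdefault(user, State())
        if st.locked_until and now >= st.locked_until:
            st.failures, st.locked_until = 0, 0.0   # lockout expired: counter back to 0
        elif st.failures and now - st.last_failure >= pol.reset_secs:
            st.failures = 0                          # stale failures no longer count
        return pol, st

    def is_locked(self, user, now):
        return now < self._current(user, now)[1].locked_until

    def record_attempt(self, user, success, now):
        """Return True if the login is accepted, False if it failed or was refused."""
        pol, st = self._current(user, now)
        if now < st.locked_until:
            return False            # refused while locked, even with the right password
        if success:
            st.failures = 0         # assumption: a good login clears the counter
            return True
        st.failures += 1
        st.last_failure = now
        if st.failures >= pol.max_failures:
            st.locked_until = now + pol.lockout_secs
        return False

# Constructed sample configuration: 60 s lockout, counter resets after 15 min idle.
POLICIES = {"normal": Policy(5, 60, 900), "privileged": Policy(3, 60, 900)}
ACCOUNT_CLASS = {"opsadmin": "privileged"}   # hypothetical privileged account
```

With this model, two failures on one day followed by a third the next day leave the counter at 1 rather than locking the account, which is the case the third requirement is meant to cover.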
  • Guest, Sep 11, 2024
    This enhancement request is addressed as part of version release 1050.