How to force Linux users to respect max login rate

ssh rate-limiting throttling

How does one set a rate-based throttle and/or quota for SSH logins per user on a shared system? For example: limit an SSH login to one time per 10 seconds.

Things I've looked at:

  • pam throttle and throttle2, but those look for failed logins and then throttle. I instead want to look for successful logins and then throttle.
  • fail2ban, but that blocks IPS/ranges as opposed to users, which does not help me here. (EDITED to note IP vs user blocks)

Solution 1:

fail2ban allows custom filters and custom actions. You can create a custom filter to parse appropriate logs for successful ssh login with appropriate action.

You can find many examples of different filters in /etc/fail2ban/filter.d/ and many examples of different actions in /etc/fail2ban/action.d/

If you don't want to use IP blocking then you can lock a user account with passwd -l username. Or you can create a script /bin/sshratelimit which prints some strongly worded warning and set this script as the user's shell.

Related

How to redirect all Apache 2.4 websites to maintenance page while allowing access to specified IP addresses
Installing php-fpm apache 2.4.6 on Centos 7
rclone quits FTP server after asking for UTF8
Advertise self as ipv6 dns server, with ra-pd / radvd
Enable offline file sync for computer owner only
Issue expanding raid6 array using storcli
ssh and monitor attached on the server [closed]
Synonyms for "default"
What is "reboatory"?
What is the opposite of postpone? [duplicate]
What are: province, territory, protectorate, state...?
Why are numbers sometimes spelled out and then numerals specified as well? [closed]