How to force Linux users to respect max login rate
How does one set a rate-based throttle and/or quota for SSH logins per user on a shared system? For example: limit an SSH login to one time per 10 seconds.
Things I've looked at:
- pam throttle and throttle2, but those look for failed logins and then throttle. I instead want to look for successful logins and then throttle.
- fail2ban, but that blocks IPs/ranges as opposed to users, which does not help me here. (EDITED to note IP vs user blocks)
Solution 1:
fail2ban allows custom filters and custom actions. You can create a custom filter to parse appropriate logs for successful ssh login with appropriate action.
You can find many examples of different filters in /etc/fail2ban/filter.d/ and many examples of different actions in /etc/fail2ban/action.d/
If you don't want to use IP blocking then you can lock a user account with passwd -l username. Or you can create a script /bin/sshratelimit which prints some strongly worded warning and set this script as the user's shell.
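
An added example (not part of the answer above, and not fail2ban's own code): the detection half of this approach in Python, reading sshd's "Accepted" lines and flagging any user whose successful logins are less than 10 seconds apart, regardless of source IP. The log lines are constructed, and the function names and the year argument are assumptions of this example.

```python
import re
from datetime import datetime, timedelta

# sshd logs a successful login as "Accepted <method> for <user> from <ip> port <n> ssh2".
ACCEPTED = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Accepted \S+ for (?P<user>\S+) from (?P<ip>\S+) port \d+"
)
MIN_INTERVAL = timedelta(seconds=10)  # the question's example: one login per 10 seconds

# Constructed sample lines in classic syslog format (host and addresses are made up).
SAMPLE_LOG = [
    "Mar  4 09:15:00 shared1 sshd[2101]: Accepted publickey for alice from 192.0.2.10 port 50514 ssh2",
    "Mar  4 09:15:03 shared1 sshd[2105]: Failed password for bob from 192.0.2.20 port 40022 ssh2",
    "Mar  4 09:15:04 shared1 sshd[2110]: Accepted password for alice from 192.0.2.11 port 50620 ssh2",
    "Mar  4 09:15:06 shared1 sshd[2114]: Accepted password for bob from 192.0.2.20 port 40030 ssh2",
    "Mar  4 09:15:20 shared1 sshd[2120]: Accepted publickey for bob from 192.0.2.20 port 40044 ssh2",
]

def parse_accepted(line, year):
    """Return (timestamp, user) for a successful-login line, else None."""
    m = ACCEPTED.match(line)
    if not m:
        return None
    # Classic syslog timestamps carry no year, so the caller supplies it.
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["user"]

def rate_violations(lines, year, min_interval=MIN_INTERVAL):
    """Return (user, timestamp, gap) for each successful login that follows
    the same user's previous successful login by less than min_interval."""
    last_seen, out = {}, []
    for line in lines:
        parsed = parse_accepted(line, year)
        if parsed is None:
            continue  # failed logins and other sshd messages are ignored
        ts, user = parsed
        prev = last_seen.get(user)
        if prev is not None and ts - prev < min_interval:
            out.append((user, ts, ts - prev))
        last_seen[user] = ts  # key is the user, not the source IP
    return out

if __name__ == "__main__":
    for user, ts, gap in rate_violations(SAMPLE_LOG, 2024):
        # Only reports; the response (e.g. passwd -l) is left to the admin.
        print(f"{ts} {user}: logins {gap.total_seconds():.0f}s apart")
```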