|
I tried to connect to my web hosting account through SSH and fat-fingered the password three times in a row, and now I can no longer connect at all. It appears my "IP address might have been temporarily banned after several consecutive failed connection attempts" according to docs . How many days do these bans typically last? |
|
The bans last exponentially longer with more and more failed login attempts from your IP address; the first ban lasts only about 10 minutes, but subsequent bans raise this length substantially, and at maximum the ban can last upwards of a week (although this is rare for legitimate users, it can be common for brute-force password-guessers). As SethKinast mentioned, you can open a support ticket to request your IP be unblocked. Be sure to include the IP address you are connecting from in order to be sure that we check and unblock the correct IP. Finally, also as mentioned, One effective method to prevent this from happening in the future is to utilize SSH keys. This way, even if your local private key is encrypted, multiple failed attempts at decrypting your private key will have no effect on the server (as it is a client-side operation). Hope that helps! I think there's a special case where someone forgot to change a permission of a private key then got an error "WARNING: UNPROTECTED PRIVATE KEY FILE!"... that could somehow invalidate the key login. Then user forgot the password when asked, it all fails and banned. I think it's easier for us to have a little bit of control if we have a page where we can input IPs to be whitelisted.. OR just unblock IPs. If the permissions on the key are invalid, SSH would fall back to the next authentication mechanism and will ask for a password. The login will be invalidated only if the password is incorrect. In this case, the IP address will be blocked temporarily. As for unblocking the IP addresses, users can always post a ticket, and a support operator will unblock the IP address. The strategy makes sense from a technical perspective, but it is extremely impractical to have an exponential lockout. I had an old password in my FTP client and it auto-retried a few times when I clicked connect and locked me out. Very inconvenient as I was trying to see if some malicious files were created in my account...I'm stuck here waiting for support to unlock me so I can go check the files and clean up as necessary. A useful addition might be to allow unlocking from the Control Panel to reduce the reliance on support to handle these cases. An alternative may be to send an unlock email to the registered admin email address that an unblock the IP. The current design is very much lacking in sophistication and a byproduct is that it can promote the use of unsafe passwords to avoid mistakes or reduce the frequency with which users update their passwords to avoid these types of scenarios. |
You can open a support ticket to get unblocked. Additionally, I definitely suggest setting up an SSH key so that you don't need a password to log in. http://www.howtoforge.com/ssh_key_based_logins_putty