Project: Cuke-gateway

Security

As a consumer
I want all satellite secure shell access temporarily disabled after several failed login attempts
So that intruders cannot cause trouble on my satellite

Scenarios
good password
  Given a satellite with default security policy
  When I ssh with a good password
  Then I login ok
one bad password
  Given a satellite with default security policy
  When I ssh with a bad password
  Then I see "Auth fail"
one bad password does not lock me out
  Given a satellite with 1 strike against it
  When I ssh with a good password
  Then I login ok
five bad passwords lock me out
  Given a satellite with 5 strikes against it
  When I ssh with a good password
  Then I see "Connection refused"
satellite lockout is temporary
  Given a satellite with a 2 minute lockout time policy
  And 5 strikes against it
  When I wait 3 minutes
  And I ssh with a good password
  Then I login ok
six slow bad passwords do not lock me out
  Given a satellite with 3 strikes against it
  When I wait 6 minutes
  And I ssh with a bad password 3 times
  And I ssh with a good password
  Then I login ok
@wip
default security
  Given a satellite with factory security policy
  When I check that security policy
  Then I see "max_auth_failures" is 5 attempts
  And I see "lockout_time" is 30 minutes
  And I see "collection_period" is 300 seconds
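
Taken together, the scenarios above describe a strike counter with a collection window and a timed lockout. The Ruby model below is an added example, not Cuke-gateway's own code; the `Satellite` class, the `replay` helper, the sliding-window reading of "collection_period" and all timestamps are assumptions made for illustration.

```ruby
# Added illustration of the lockout rule; not Cuke-gateway's code.
# Assumptions: strikes are failure timestamps kept in a sliding window of
# collection_period seconds; the lockout starts at the strike that reaches
# max_auth_failures; a successful login leaves existing strikes in place.
Policy = Struct.new(:max_auth_failures, :lockout_time, :collection_period)

# Factory values from the "default security" scenario (times in seconds).
FACTORY = Policy.new(5, 30 * 60, 300)

class Satellite
  def initialize(policy = FACTORY)
    @policy = policy
    @strikes = []        # times of recent failed logins
    @locked_until = nil  # end of the current lockout, if any
  end

  # One ssh attempt at time `now` (seconds). Returns :ok, :auth_fail or
  # :refused, matching "I login ok", "Auth fail" and "Connection refused".
  def ssh(now, good_password)
    if @locked_until
      return :refused if now < @locked_until
      @locked_until = nil   # lockout served: start again with no strikes
      @strikes.clear
    end
    # Forget strikes that have aged out of the collection period.
    @strikes.reject! { |t| now - t >= @policy.collection_period }
    return :ok if good_password

    @strikes << now
    if @strikes.size >= @policy.max_auth_failures
      @locked_until = now + @policy.lockout_time
    end
    :auth_fail
  end
end

# Replays a constructed timeline of [time, good_password] attempts.
def replay(attempts, policy = FACTORY)
  sat = Satellite.new(policy)
  attempts.map { |now, good| sat.ssh(now, good) }
end
```

While locked out, even a good password returns `:refused`, which is why the "five bad passwords" scenario expects "Connection refused" rather than "Auth fail".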

Last published almost 5 years ago by awostenberg.