iBMC Lockout (Incorrect user name or password)

After several (5 by default) incorrect attempts to log in to iBMC, you will be temporarily locked out from logging in entirely. iBMC will display the following message as a result even if the provided password is correct:

"Incorrect user name or password. If your account is locked, try again 5 minutes later."

This happens most frequently on iBMC configured with a public IP address without any firewall in place due to brute force attack. To be able to re-gain access, the only option is to wait five minutes.

Once you've been able to re-gain access, measures can be taken the prevent this behavior in the future. The safest way is to disable SSH, as incorrect login attempts via SSH have impact on the web interface as well.

Disabling SSH can be done under Configuration - Services, simply flicking the switch to Off next to SSH.

Under the Security tab (still under Configuration) it is possible to disable the lockout entirely, but is not recommend tp discourage brute force attacks.

No Comments
Back to top