How many times can root login fail?

[Mark Deibert]

I have veeeery strong password on the root login in the webGui. But, how many times can a person try to login to the webUi and fail before it blocks them or locks somehow? Am I making sense? 😕

[JonathanM]

AFAIK, the login attempts can continue until the syslog fills up RAM and crashes the server.

 

The webGUI MUST be secured behind some secondary security, it must not be directly exposed to the internet or a network where devices aren't reasonably able to be trusted.

[Mark Deibert]

Damn that sucks. I wanted to access it remotely, but I guess not. Ok, I'll remove the router forward. Thank you @jonathanm

[Hoopster]

28 minutes ago, Mark Deibert said:

Damn that sucks. I wanted to access it remotely, but I guess not. Ok, I'll remove the router forward. Thank you @jonathanm

I currently have my GUI secured and accessible through OPenVPN and ZeroTier.  You definitely do not want to expose it to the Internet directly.

 

Apparently, the upcoming 6.8 release has a WireGuard implementation and may provide remote access to the GUI as well.

 

• Forms-based webGUI authentication: now compatible with most password managers.
• WD-Discovery support: for reliable Windows Network explorer listing of your server and eliminates need for SMBv1 on your network.
• WireGuard support: for easy configuration of VPN tunnels (experimental).
• Numerous bug fixes and package updates.
• Introducing Unraid.net a set of web-based services including:
  • Server status such as online/offline, storage used/available, etc.
  • Links for local and remote access to your server webGUI.
  • Backup and Restore of your USB Flash boot device.

Edited October 4, 2019 by Hoopster

[Mark Deibert]

@Hoopster Thank you very much for sharing that info. I'm looking forward 6.8.

[almulder]

Is it safe to forward a port to a container? I have a port forward to OMBI so family can request videos/TV, and 2 open ports to my standalone NVR. No other open ports.

Also is there a way to lock down the different protocols in Unraid, I only want microsoft networking turned on, not SNMP, Telnet, SSH, TFTP, ISCSI, FTP, NFS, ect..

In my Qnap I can disable each one independently. Just want to make my unraid as secure as possible, and only have local access to it, with the exception of plex and ombi.

[Squid]

7 minutes ago, almulder said:

Is it safe to forward a port to a container? I have a port forward to OMBI so family can request videos/TV, and 2 open ports to my standalone NVR. No other open ports.

Quite commonly done, and yes

 

7 minutes ago, almulder said:

Also is there a way to lock down the different protocols in Unraid, I only want microsoft networking turned on, not SNMP, Telnet, SSH, TFTP, ISCSI, FTP, NFS, ect..

The various icons in the Settings Tab will disable what unRaid has the options for.

[almulder]

2 hours ago, Squid said:

The various icons in the Settings Tab will disable what unRaid has the options for.

Missed that and that is what I needed. Thanks.

[Frank1940]

The 'Fix Common Problems'  plugin has a "Number of allowed invalid logins per day:" setting. 

[JonathanM]

9 minutes ago, Frank1940 said:

The 'Fix Common Problems'  plugin has a "Number of allowed invalid logins per day:" setting. 

I could be wrong, but I don't think that will actually restrict anything except whether FCP will report it as an issue.

[Frank1940]

You could be right.  This is what is says in the 'Help':

Quote

Number of allowed invalid logins per day - This is the number of "grace" invalid logins allowed per day either via the local console or through SSH / Telnet (ie: you typed your password wrong) This is used to determine if any hacking attempts are being made on your server

The first portion seems to indicate that it will block logins after the number is exceeded but the last sentence seems to indicate that it may only issue a warning.  Perhaps, @Squid might shed some light on this...

[Squid]

3 hours ago, jonathanm said:

FCP will report it as an issue.

This