This tip from one of our customer support technicians provides some examples of VShell^® failed authentication triggers in a Microsoft Windows environment.

Setting up E-mail Notification for Failed Authentication Events Using VShell Triggers

The VShell server supports the specification of a failed authentication trigger command. This command will run after the limit of failed authentication attempts has been reached for the current connection. For example, if a connection exceeds the limit of failed authentication attempts, this trigger can execute commands that cause specific information to be logged to a separate file, or even send e-mail notifications.

To set up a failed authentication trigger command, open the VShell Control Panel and select the Common / Triggers category. Select the Authentication failed trigger, then press the Edit button. The Enable Trigger option must be enabled for the specified command to be executed upon an authentication failure event. The first field, which is required, is for the command that will be executed. This could be cmd.exe, a script, or some other executable. The second field is for any parameters that the command will use.

One early sign of a potential intrusion attempt is someone exceeding a specified number of logon attempts. With quick notification, an intrusion attempt can be deflected, saving recovery time and potential theft of critical data.

VShell's failed authentication trigger can help busy system administrators get quick notification about authentication failure events on their systems so that they can temporarily shut down an account for a specific user, or an IP address or range of IP addresses.

The failed authentication trigger initiates a command after a user exceeds the permitted number of logon attempts and can be used to send an e-mail or pager notification to the administrator. This trigger provides the ability to embed IP address, time, and user information into the message. The trigger can also provide important history by logging failed authentication attempts to a separate log file.

When used with appropriate authentication methods, access controls, connection filters, and other Secure Shell variables, failed authentication triggers can help you implement an effective security policy.

For more information on using VShell's trigger commands, see the Triggers topic in the VShell Help.

The authentication failed trigger supports the following command substitution variables:

%D -- Date of occurrence

%I -- IP address of user

%T -- Time of occurrence

%U -- User

If you're a system administrator, you may want more visibility or immediate notification when an authentication failure event occurs. Below is an example that shows how to set up an authentication trigger that will send an e-mail notification of the failure event. This example uses a VBScript that takes parameters for the information pertaining to the failed authentication attempt (source IP, date, time, and username). The script will then send an e-mail to the specified recipient with the failed authentication details. The script will also log this information to the file specified in the script. If the script encounters any fatal errors, they will be logged to the Windows Event Log.

Set up VShell's Authentication Failure Trigger Command to:

C:\Windows\System32\cscript.exe

Set up VShell's Authentication Failure Trigger Parameters to:

"C:\VShellAuthFailureTriggerScript.vbs" %I %D %T %U

Here is the sample VBScript code for the Failed Authentication Trigger Script in its entirety: VShellAuthFailureTriggerScript.txt (for this script to work properly, you should save the file with a .vbs extension). You will also need to specify the source and destination e-mail addresses and the SMTP server information in the script.

Was this information helpful?


	Products	Downloads	Purchase	Support	About Us
	VShell Server	VShell Server	Buy Direct	Evaluation	Contact
	SecureCRT	SecureCRT	License Pricing	Updates Policy	Press Releases
	SecureFX	SecureFX	About Encryption Export	FAQs	What's New
	VanDyke ClientPack	VanDyke ClientPack	Orders FAQ	Tips & How-Tos	Customer Stories
	Beta Software	Beta Software	Resellers	Forums	Secure Solutions
Site Map \| Legal Notices \| Privacy Policy \| Refund Policy VShell, SecureCRT, SecureFX, Entunnel, CRT, and AbsoluteFTP are trademarks or registered trademarks of VanDyke Software, Inc. in the United States and/or other countries. All other trademarks or registered trademarks are the property of their respective owners. Copyright © 1995 - VanDyke Software, Inc. All rights reserved.

About Encryption Export

Site Map | Legal Notices | Privacy Policy | Refund Policy

VShell, SecureCRT, SecureFX, Entunnel, CRT, and AbsoluteFTP are trademarks or registered trademarks of VanDyke Software, Inc. in the United States and/or other countries. All other trademarks or registered trademarks are the property of their respective owners.

This tip from one of our customer support technicians provides some examples of VShell® failed authentication triggers in a Microsoft Windows environment.

Setting up E-mail Notification for Failed Authentication Events Using VShell Triggers

This tip from one of our customer support technicians provides some examples of VShell^® failed authentication triggers in a Microsoft Windows environment.