1. Put the engine in a match block where passowrd authentication is possible. 2. Firewalld rate limit has a burst effect so ot will never limit on the third attempt. Put a higher value like 10-15 and you will notice that it works. Usually infrastructure like oVirt ahould not be exposed to the wild (internet). Best Regards,Strahil Nikolov Hello, 1. Is it possible to disable ssh root password authentication in a working oVirt cluster without any problems? (host and ovirt-engine) /etc/ssh/sshd_config PasswordAuthentication no The SSH public authentication key is set on the host. 2. I tried setting ssh rate limit using firewall-cmd but it doesn't work for some reason. I can log in more than once. firewall-cmd --permanent --add-rich-rule='rule family="ipv4" priority="-1" service name=ssh limit value=3/m accept' There is best practice for this? Thanks Peter _______________________________________________ Users mailing list -- users(a)ovirt.org To unsubscribe send an email to users-leave(a)ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/A45N3C7GLFK...