1. Put the engine in a match block where passowrd authentication is possible.<div><br></div><div>2. Firewalld rate limit has a burst effect so ot will never limit on the third attempt. Put a higher value like 10-15 and you will notice that it works.</div><div><br></div><div>Usually infrastructure like oVirt ahould not be exposed to the wild (internet).</div><div><br></div><div>Best Regards,</div><div>Strahil Nikolov</div><div> <br> <blockquote style="margin: 0 0 20px 0;"> <div style="font-family:Roboto, sans-serif; color:#6D00F6;">  </div> <div style="padding: 10px 0 0 20px; margin: 10px 0 0 0; border-left: 1px solid #6D00F6;"> <div dir="ltr">Hello,<br></div><div dir="ltr"><br></div><div dir="ltr">1.<br></div><div dir="ltr">Is it possible to disable ssh root password authentication in a working oVirt cluster without any problems? (host and ovirt-engine)<br></div><div dir="ltr"><br></div><div dir="ltr">/etc/ssh/sshd_config<br></div><div dir="ltr">PasswordAuthentication no<br></div><div dir="ltr"><br></div><div dir="ltr">The SSH public authentication key is set on the host.<br></div><div dir="ltr"><br></div><div dir="ltr">2.<br></div><div dir="ltr"><br></div><div dir="ltr">I tried setting ssh rate limit using firewall-cmd but it doesn't work for some reason. I can log in more than once.<br></div><div dir="ltr"><br></div><div dir="ltr">firewall-cmd --permanent --add-rich-rule='rule family="ipv4" priority="-1" service name=ssh limit value=3/m accept'<br></div><div dir="ltr">There is best practice for this?<br></div><div dir="ltr"><br></div><div dir="ltr">Thanks<br></div><div dir="ltr">Peter<br></div><div dir="ltr">_______________________________________________<br></div><div dir="ltr">Users mailing list -- <a ymailto="mailto:users@ovirt.org" href="mailto:users@ovirt.org">users@ovirt.org</a><br></div><div dir="ltr">To unsubscribe send an email to <a ymailto="mailto:users-leave@ovirt.org" href="mailto:users-leave@ovirt.org">users-leave@ovirt.org</a><br></div><div dir="ltr">Privacy Statement: <a href="https://www.ovirt.org/privacy-policy.html" target="_blank">https://www.ovirt.org/privacy-policy.html</a><br></div><div dir="ltr">oVirt Code of Conduct: <a href="https://www.ovirt.org/community/about/community-guidelines/" target="_blank">https://www.ovirt.org/community/about/community-guidelines/</a><br></div><div dir="ltr">List Archives: <a href="https://lists.ovirt.org/archives/list/users@ovirt.org/message/A45N3C7GLFKOFS7ZHR72ILIMK66ZGHP5/" target="_blank">https://lists.ovirt.org/archives/list/users@ovirt.org/message/A45N3C7GLFKOFS7ZHR72ILIMK66ZGHP5/</a><br></div> </div> </blockquote></div>