Login-Grace-Time
SSH connection test with login-grace-time configuration. Tests that SSH server correctly times out connections when password is not entered within the configured grace time and succeeds when password is entered quickly.
SSH Login Grace Time Success (Within Time Limit)
Description
Test that SSH connection succeeds when password is entered within grace time.
DUT0 has login-grace-time configured for 10 seconds.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.20/24 set service ssh login-grace-time 10 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 10.215.168.21/24 set service ssh set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping IP address 10.215.168.20 from DUT1:
admin@DUT1$ ping 10.215.168.20 count 1 size 56 timeout 1Show output
PING 10.215.168.20 (10.215.168.20) 56(84) bytes of data. 64 bytes from 10.215.168.20: icmp_seq=1 ttl=64 time=0.325 ms --- 10.215.168.20 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.325/0.325/0.325/0.000 ms
Step 4: Init an SSH connection from DUT1 to IP address 10.215.168.20 with a 2s delay before entering password.
This tests the login-grace-time configuration (10 seconds):
DUT1$ ssh admin@10.215.168.20 option StrictHostKeyChecking=no option UserKnownHostsFile=/dev/null
This SSH connection should succeed because the password was entered within the grace time:
Show output
Warning: Permanently added '10.215.168.20' (ECDSA) to the list of known hosts. admin@10.215.168.20's password: Welcome to Teldat OSDx v4.2.8.1 This system includes free software. Contact Teldat for licenses information and source code. Last login: Thu Dec 11 18:22:15 2025 from 10.215.168.21 admin@osdx$
SSH Login Grace Time Timeout (Exceeds Time Limit)
Description
Test that SSH connection fails when password is entered after grace time.
DUT0 has login-grace-time configured for 3 seconds.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.20/24 set service ssh login-grace-time 3 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 10.215.168.21/24 set service ssh set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping IP address 10.215.168.20 from DUT1:
admin@DUT1$ ping 10.215.168.20 count 1 size 56 timeout 1Show output
PING 10.215.168.20 (10.215.168.20) 56(84) bytes of data. 64 bytes from 10.215.168.20: icmp_seq=1 ttl=64 time=0.426 ms --- 10.215.168.20 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.426/0.426/0.426/0.000 ms
Step 4: Init an SSH connection from DUT1 to IP address 10.215.168.20 with a 5s delay before entering password.
This tests the login-grace-time configuration (3 seconds):
DUT1$ ssh admin@10.215.168.20 option StrictHostKeyChecking=no option UserKnownHostsFile=/dev/null
This SSH connection should fail because the password was entered after the grace time expired:
Show output
Warning: Permanently added '10.215.168.20' (ECDSA) to the list of known hosts. admin@10.215.168.20's password:Connection closed by 10.215.168.20 port 22 CLI Error: