On Mon, 4 Apr 2011, Tom Yates wrote: > i occasionally trip my iptables rule myself, for example if i scp a couple > of files off a server and then go back for a third; i feel it would be a > shame to lock myself out for an hour, by doing that. An argument for something like pam_tally? Ideally, you'd want it to be IP specific like your iptables techniques. You do really want something that can distinguish between a successful and a failed login though. jh