Use Pam_Tally2 to Lock and Unlock SSH Failed Login Attempts


Narad Shrestha

He has over 10 years of rich IT experience, which includes various Linux distros, FOSS and networking. Narad always believes in sharing IT knowledge with others and adopts new technology with ease.


12 Responses

  1. Danilo says:

    Thanks, it works in 6.5.

  2. Kyle says:

    I appreciate the information! It really helped with configuring the account lock. I’m curious about how you were able to configure the lockout message, however.

    Account locked due to 4 failed logins

    Unlike the above, I’m getting the standard “Access Denied” error.

  3. nilesh khetre says:

    very nice…

    It helps my team a lot….

  4. Rakesh says:

    On our setup on RHEL 6.4, the account does get locked; however, the message is not informative. It just shows the error message “access denied”.

    • Kyle says:

      I have the same problem. It will lock the account successfully, however it will not provide information on this to the user. Were you able to figure out how to set the access denied error to something more like:

      Account locked due to 4 failed logins

  5. harry virk says:

    thanks :) it worked ..

  6. Jura says:

    On RHEL 6.4 it is counting failures, but never locks.

    • Ravi Saive says:

      I haven’t tried out in 6.4, will try and update you.

    • dieter says:

      On my setup it works on RHEL 6.4. The count of failed login attempts is done OK, it resets itself if the user succeeds before account lockdown, and the account locks itself if the fail count reaches the max deny count.

      The only thing I can’t manage to do for now is to have the reason for the login denial printed (like it is shown in the article).

      • Jura says:

        Can you post your setup? I have basically copy-pasted what is written in the article and everything works as described except locking the account.

  7. JFM says:

    Can you say “denial of service”? I am sure you can. Can you say “automated denial of service”, meaning that the unlock provision is completely useless? I am sure you can too.

    If you are worried about brute force password cracking, the way to go is:

    1) Long, hard to guess password

    2) Setting alerts about failed logins and ensuring they are not lost in “noise”

    3) Port knocking
