Use Pam_Tally2 to Lock and Unlock SSH Failed Login Attempts

Narad Shrestha

He has over 10 years of rich IT experience which includes various Linux Distros, FOSS and Networking. Narad always believes sharing IT knowledge with others and adopts new technology with ease.

19 Responses

  1. Garima Jain says:


    I don’t have a password-auth file in the box. Can I update system-auth?

  2. Gustavo Cerati says:

    I thought I was going crazy! My password was not locked in /etc/shadow and I was sure I was entering the right password. Thanks!

  3. Fauzi says:

    Thanks, it works for me

  4. Danilo says:

    Thanks, it works in 6.5.

  5. Kyle says:

    I appreciate the information! It really helped with configuring the account lock. I’m curious on how you were able to configure the lockout message, however.

    Account locked due to 4 failed logins

    Unlike the above, I’m getting the standard “Access Denied” error.

  6. nilesh khetre says:

    very nice…

    It helps my team a lot….

  7. Rakesh says:

    On our setup on RHEL 6.4, though the account gets locked, the message is not informative. It is just showing the error message “access denied”.

    • Kyle says:

      I have the same problem. It will lock the account successfully, however it will not provide information on this to the user. Were you able to figure out how to set the access denied error to something more like:

      Account locked due to 4 failed logins

  8. harry virk says:

    thanks :) it worked ..

  9. Jura says:

    On RHEL 6.4 it is counting failures, but never locks.

    • Ravi Saive says:

      I haven’t tried out in 6.4, will try and update you.

    • dieter says:

      On my setup it works on RHEL 6.4. The count of failed login attempts is done OK, it resets itself if the user succeeds before account lockdown, and the account locks itself if the fail count reaches the max deny count.

      The only thing I can’t manage to do for now is to have the reason for the login denial printed (like it is shown in the article).

      • Jura says:

        Can you post your setup? I have basically copy-pasted what is written in the article and everything works as described except locking the account.

  10. JFM says:

    Can you say “denial of service”? I am sure you can. Can you say automated denial of service, meaning that the unlock provision is completely useless? I am sure you can too.

    If you are worried about brute force password cracking the way to go is

    1) Long, hard to guess password

    2) Setting alerts about failed logins and ensuring they are not lost in “noise”

    3) Port knocking
