Sunday, January 17, 2016

Use Pam_Tally2 to Lock and Unlock SSH Failed Login Attempts

Use the '/etc/pam.d/password-auth' configuration file to limit failed login attempts. Open this file and add the following auth line at the beginning of the 'auth' section, and the account line to the 'account' section (it resets the counter after a successful login).


auth        required      pam_tally2.so  file=/var/log/tallylog deny=3 even_deny_root unlock_time=1200


account     required      pam_tally2.so




  1. file=/var/log/tallylog – Default log file used to keep the login failure counts.
  2. deny=3 – Deny access after 3 failed attempts and lock the user.
  3. even_deny_root – The policy also applies to the root user.
  4. unlock_time=1200 – The account stays locked for 20 minutes (1200 seconds). Remove this parameter if you want the lock to be permanent until it is manually cleared.
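The following shell script is an added example, not part of the original post: it audits a PAM stack file for the pam_tally2 lines above, checking that the auth line carries a deny= limit and precedes pam_unix.so (a "sufficient" pam_unix that succeeds first short-circuits the stack, so the lock is never enforced), and that the account line is present. The sample stacks it tests against are constructed here, not taken from any real system.

```shell
#!/bin/sh
# Added example (not from the original post): audit a PAM stack file for the
# pam_tally2 lockout configuration described above. It checks that
#  (1) an uncommented "auth required pam_tally2.so" line carries a deny= limit,
#  (2) that line precedes pam_unix.so, because a "sufficient" pam_unix that
#      succeeds first short-circuits the stack and the lock is never enforced,
#  (3) an "account required pam_tally2.so" line exists to reset the counter.
# Exit status 0 means compliant; findings are printed one per line.
audit_tally2() {
    f="$1"; ok=0
    tally_auth=$(grep -nE '^[[:space:]]*auth[[:space:]]+required[[:space:]]+pam_tally2\.so' "$f" | head -n1 | cut -d: -f1)
    unix_auth=$(grep -nE '^[[:space:]]*auth[[:space:]].*pam_unix\.so' "$f" | head -n1 | cut -d: -f1)
    tally_acct=$(grep -cE '^[[:space:]]*account[[:space:]]+required[[:space:]]+pam_tally2\.so' "$f" || true)
    if [ -z "$tally_auth" ]; then
        echo "MISSING: auth required pam_tally2.so"; ok=1
    else
        sed -n "${tally_auth}p" "$f" | grep -qE 'deny=[0-9]+' \
            || { echo "WEAK: pam_tally2 auth line has no deny= limit"; ok=1; }
        [ -z "$unix_auth" ] || [ "$tally_auth" -lt "$unix_auth" ] \
            || { echo "ORDER: pam_tally2 must precede pam_unix.so in the auth section"; ok=1; }
    fi
    [ "$tally_acct" -gt 0 ] || { echo "MISSING: account required pam_tally2.so"; ok=1; }
    return $ok
}

# Constructed sample stacks (not copied from any real system) for a self-test.
write_samples() {
    GOOD=$(mktemp); BAD=$(mktemp)
    cat >"$GOOD" <<'EOF'
auth        required      pam_env.so
auth        required      pam_tally2.so  file=/var/log/tallylog deny=3 even_deny_root unlock_time=1200
auth        sufficient    pam_unix.so nullok try_first_pass
auth        required      pam_deny.so
account     required      pam_tally2.so
account     required      pam_unix.so
EOF
    cat >"$BAD" <<'EOF'
auth        required      pam_env.so
auth        sufficient    pam_unix.so nullok try_first_pass
auth        required      pam_tally2.so  deny=3
account     required      pam_unix.so
EOF
}

write_samples
echo "== good stack"; audit_tally2 "$GOOD" && echo "OK"
echo "== bad stack";  audit_tally2 "$BAD"  || echo "NOT COMPLIANT"
rm -f "$GOOD" "$BAD"
```

Run it against a copy of your own /etc/pam.d/password-auth (and system-auth, where SSH and local logins share both) to confirm the lockout lines are placed where they take effect.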


Check the user's failed-login counter with the following command:
# pam_tally2 --user=john


To reset the counter and unlock the user account so it can log in again:
# pam_tally2 --user=john --reset


Verify that the counter has been reset and the account is unlocked:
# pam_tally2 --user=john


