
I need to lock the users that are trying to log in via SSHD after 5 unsuccessful login tries. I already googled for it, but I just can't see it working:

    root@server:~# faillog -u testuser
    Login       Failures Maximum Latest                   On
    testuser        0        0

The Maximum faillog is always 0 for a reason...

QUESTION: What packages do I need to have installed? What settings do I have to make? I know that I must have "UsePAM yes" in the sshd_config, that's OK. Does it count where I put the PAM lines, e.g. in system-auth?

gasko peter

1 Answer

  • Use the pam_tally2 module of PAM (already built into the pam package).
  • Add the following line to the /etc/pam.d/system-auth file:

     auth required pam_tally2.so onerr=fail deny=5 unlock_time=21600


Where:

  • deny=5: Number of tries
  • onerr=fail: Default behavior if something weird happens to PAM
  • unlock_time: Number of seconds until the account is unlocked again.

Now, just use PAM (UsePam=yes) on sshd.
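
One way to check that the lockout line from the answer above is present and placed where it takes effect. This is an added example, not part of the original answer: the function name `check_pam_lockout` and the sample stack are constructed here, and the check assumes plain control keywords (`required`, `sufficient`) rather than the bracketed `[value=action]` form.

```shell
# Added example: lint a PAM service file for the pam_tally2 lockout line.
# Prints findings; returns 0 only when the auth stack passes every check.
check_pam_lockout() {
    awk '
    /^[ \t]*(#|$)/ { next }                    # skip comments and blank lines
    $1 != "auth"   { next }                    # only the auth stack is checked
    $3 ~ "(^|/)pam_tally2[.]so$" {
        found = 1
        if (sufficient_before) misplaced = 1
        for (i = 4; i <= NF; i++) {            # parse key=value module options
            n = split($i, kv, "=")
            if (n == 2 && kv[1] == "deny") deny = kv[2]
            if (n == 2 && kv[1] == "unlock_time") unlock = kv[2]
        }
        next
    }
    # A "sufficient" module that succeeds ends the auth stack at once, so a
    # pam_tally2 line placed after it is never consulted on a good password.
    $2 == "sufficient" && !found { sufficient_before = 1 }
    END {
        if (!found) { print "FAIL: no auth pam_tally2.so line"; bad = 1 }
        else {
            if (deny !~ /^[1-9][0-9]*$/) { print "FAIL: deny= missing or not a positive number"; bad = 1 }
            if (unlock !~ /^[0-9]+$/) print "WARN: no unlock_time=, locked accounts need a manual reset"
            if (misplaced) { print "FAIL: pam_tally2.so follows a sufficient auth module"; bad = 1 }
        }
        if (!bad) print "OK: deny=" deny " unlock_time=" unlock
        exit bad + 0
    }' "$1"
}

# Constructed sample stack (not taken from a real host).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# /etc/pam.d/system-auth (sample)
auth        required      pam_tally2.so onerr=fail deny=5 unlock_time=21600
auth        sufficient    pam_unix.so try_first_pass
auth        required      pam_deny.so
EOF
check_pam_lockout "$sample"
rm -f "$sample"
```

Run it against the real file with `check_pam_lockout /etc/pam.d/system-auth`; a non-zero return means the lockout would not be enforced as configured.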