pam_tally with sshd: ssh password-based failures not tally'd
Adam Monsen
haircut at gmail.com
Sat Oct 16 17:56:45 UTC 2004
I can't get password-based failures to be recorded using pam_tally.
Anyone have any PAM/sshd insight? Here's my /etc/pam.d/sshd:

#%PAM-1.0
auth required pam_stack.so service=system-auth
auth required pam_tally.so
auth required pam_nologin.so
account required pam_tally.so deny=3
account required pam_stack.so service=system-auth
password required pam_stack.so service=system-auth
session required pam_stack.so service=system-auth
session required pam_limits.so
session optional pam_console.so

/var/log/faillog is never written to when a failed password-based
login attempt occurs.

# ls -l /var/log/faillog
-rw-r----- 1 root root 12312 Oct 16 10:31 /var/log/faillog

I tried restarting sshd, but no luck. Nothing helpful about why these
attempts are not recorded. I'm running Fedora Core 1 with
openssh-server-3.6.1p2-19.

Do I need PAMAuthenticationViaKbdInt or UseLogin or something else set
in /etc/ssh/sshd_config? I don't want to mess with these without
understanding their purpose.

I did get pam_tally to work with 'su' by modifying /etc/pam.d/su in a
similar way. Anyone know why /etc/pam.d/su uses the following format
for specifying the location of a PAM module?

auth required /lib/security/$ISA/pam_tally.so

From what I can tell, /lib/security/ is the default location searched
for modules, so this seems unnecessary.

--
Adam Monsen <adamm at wazamatta.com>
http://adammonsen.com/