RHEL6 pam_tally2 lockouts
Mr. Paul M. Whitney
paul.whitney at me.com
Mon Jan 10 17:49:59 UTC 2011
Have you tried putting the entries in /etc/pam.d/ssh instead of system-auth?
Paul W.
On Jan 10, 2011, at 10:40, Johan Booysen <johan at matrixsolutions.co.uk> wrote:
> I'm trying to set up a RHEL6 server for sftp access only. So far it
> works very well, but I can't seem to get pam_tally2 set up to lock user
> accounts after so many unsuccessful login attempts.
>
> As far as I could find out, it should work if I add the following lines
> to /etc/pam.d/system-auth:
>
> Last line in the auth section:
>
> auth required pam_tally2.so deny=3 onerr=fail
>
> Last line in the account section:
>
> account required pam_tally2.so
>
> According to the pam_tally2 man page this should log failed attempts in
> /var/log/tallylog, but when I deliberately log in with nonsense
> usernames/password, I get absolutely nothing in the tallylog file.
> Hence running the pam_tally2 command with no options produces no
> results.
>
> /var/log/secure shows me entries such as:
>
> Jan 10 15:16:26 rhel6 sshd[1918]: Failed password for test from
> 192.x.x.x port 4467 ssh2
>
> Jan 10 15:16:29 rhel6 sshd[1918]: Failed password for test from 192.x.x.
> port 4467 ssh2
>
> Jan 10 15:16:29 rhel6 sshd[1919]: Disconnecting: Too many authentication
> failures for test
>
> Jan 10 15:16:29 rhel6 sshd[1918]: PAM 1 more authentication failure;
> logname= uid=0 euid=0 tty=ssh ruser= rhost=mc23.xxxxx.int user=test
>
> In /etc/ssh/sshd_config I've got
>
> UsePAM yes
>
> PasswordAuthentication yes
>
> ChallengeResponseAuthentication no
>
> I might be missing something silly here, so I'd really appreciate any
> advice on getting this to work on Red Hat Enterprise Linux 6.
>
> Thanks.
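
Added example (not part of either message, and not Red Hat's code): a Python check that follows include/substack lines from a PAM service file and reports whether pam_tally2.so is actually reached in that service's auth stack, and which sufficient or requisite modules ahead of it can end the stack before it runs. The helper names and the SAMPLE file contents are constructed for the demo; on a real host, point check_tally at /etc/pam.d and the service file sshd uses.

```python
import re
import tempfile
from pathlib import Path

# "type control module [args]"; a bracketed control may contain spaces.
RULE = re.compile(r"^-?(\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")
def parse_line(raw):
    m = RULE.match(raw.split("#", 1)[0].strip())
    return (m.group(1), m.group(2), m.group(3), m.group(4).split()) if m else None

def effective_stack(pam_dir, service, mgmt="auth", seen=()):
    """Flatten one management group, following include/substack lines."""
    if service in seen:  # include-loop guard
        return []
    with open(Path(pam_dir, service)) as fh:
        rules = [p for p in map(parse_line, fh) if p and p[0] == mgmt]
    entries = []
    for _, control, module, args in rules:
        if control in ("include", "substack"):
            entries += effective_stack(pam_dir, module, mgmt, seen + (service,))
        else:
            entries.append((service, control, Path(module).name, args))
    return entries

def check_tally(pam_dir, service, module="pam_tally2.so"):
    """Is `module` reached for `service`, and what can end the stack before it?"""
    stack = effective_stack(pam_dir, service)
    hits = [i for i, e in enumerate(stack) if e[2] == module]
    if not hits:
        return {"present": False, "source": None, "early_exit_before": []}
    early = [(c, m) for _, c, m, _ in stack[:hits[0]] if c in ("sufficient", "requisite")]
    return {"present": True, "source": stack[hits[0]][0], "early_exit_before": early}

# Constructed sample files for the demo (not taken from the poster's host).
BASE = "auth sufficient pam_unix.so try_first_pass\nauth required pam_deny.so\n"
SAMPLE = {
    "sshd": "auth include password-auth\naccount include password-auth\n",
    "password-auth": BASE,
    "system-auth": BASE + "auth required pam_tally2.so deny=3 onerr=fail\n",
}

def demo():
    with tempfile.TemporaryDirectory() as d:
        for name, body in SAMPLE.items():
            Path(d, name).write_text(body)
        return {svc: check_tally(d, svc) for svc in ("sshd", "system-auth")}

if __name__ == "__main__":
    print(demo())
```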