RHEL6 pam_tally2 lockouts
Johan Booysen
johan at matrixsolutions.co.uk
Mon Jan 10 15:40:27 UTC 2011
I'm trying to set up a RHEL6 server for sftp access only. So far it
works very well, but I can't seem to get pam_tally2 set up to lock user
accounts after so many unsuccessful login attempts.
As far as I could find out, it should work if I add the following lines
to /etc/pam.d/system-auth:
Last line in the auth section:
auth required pam_tally2.so deny=3 onerr=fail
Last line in the account section:
account required pam_tally2.so
According to the pam_tally2 man page this should log failed attempts in
/var/log/tallylog, but when I deliberately log in with nonsense
usernames/password, I get absolutely nothing in the tallylog file.
Hence running the pam_tally2 command with no options produces no
results.
/var/log/secure shows me entries such as:
Jan 10 15:16:26 rhel6 sshd[1918]: Failed password for test from 192.x.x.x port 4467 ssh2
Jan 10 15:16:29 rhel6 sshd[1918]: Failed password for test from 192.x.x. port 4467 ssh2
Jan 10 15:16:29 rhel6 sshd[1919]: Disconnecting: Too many authentication failures for test
Jan 10 15:16:29 rhel6 sshd[1918]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=mc23.xxxxx.int user=test
In /etc/ssh/sshd_config I've got
UsePAM yes
PasswordAuthentication yes
ChallengeResponseAuthentication no
I might be missing something silly here, so I'd really appreciate any
advice on getting this to work on Red Hat Enterprise Linux 6.
Thanks.
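The post adds pam_tally2 to /etc/pam.d/system-auth and expects sshd logins to be counted. As an added example (not from the original post or from Red Hat), the POSIX shell check below follows the "include" directives in a service's PAM file and reports whether pam_tally2 is present in the auth and account stacks that service actually uses. The sample PAM files are constructed in a temporary directory and mirror the RHEL6 layout, where /etc/pam.d/sshd includes password-auth rather than system-auth; the pam_tally2 lines are placed in system-auth exactly as in the post.

```shell
#!/bin/sh
# Constructed sample of the RHEL6 PAM layout (assumption: written to a temp dir, never to
# /etc/pam.d). sshd includes password-auth; pam_tally2 was added to system-auth only.
SAMPLE=$(mktemp -d)
cat > "$SAMPLE/sshd" <<'EOF'
auth       required     pam_sepermit.so
auth       include      password-auth
account    required     pam_nologin.so
account    include      password-auth
EOF
cat > "$SAMPLE/system-auth" <<'EOF'
auth        required      pam_env.so
auth        sufficient    pam_unix.so nullok try_first_pass
auth        required      pam_deny.so
auth        required      pam_tally2.so deny=3 onerr=fail
account     required      pam_unix.so
account     required      pam_tally2.so
EOF
cat > "$SAMPLE/password-auth" <<'EOF'
auth        required      pam_env.so
auth        sufficient    pam_unix.so nullok try_first_pass
auth        required      pam_deny.so
account     required      pam_unix.so
EOF
PAMDIR="$SAMPLE"   # set PAMDIR=/etc/pam.d to inspect a real host instead of the sample
# has_tally2 FILE TYPE: succeed if FILE has a line "TYPE <control> pam_tally2.so ...".
# Only the simple control field is handled, not the bracketed [success=...] form.
has_tally2() {
  awk -v t="$2" '$1 == t && $3 ~ /^pam_tally2\.so/ { f = 1 } END { exit !f }' "$1"
}
# tally2_in_stack SERVICE TYPE: check the service file itself, then each file it pulls
# in with "TYPE include FILE" (one level, which is how the RHEL6 stacks are layered).
tally2_in_stack() {
  svc="$PAMDIR/$1"
  [ -r "$svc" ] || return 1
  has_tally2 "$svc" "$2" && return 0
  for inc in $(awk -v t="$2" '$1 == t && $2 == "include" { print $3 }' "$svc"); do
    [ -r "$PAMDIR/$inc" ] && has_tally2 "$PAMDIR/$inc" "$2" && return 0
  done
  return 1
}
# report SERVICE: one line per stack type, so a lockout module that never runs is obvious.
report() {
  for t in auth account; do
    if tally2_in_stack "$1" "$t"; then echo "$1 $t: pam_tally2 present"
    else echo "$1 $t: pam_tally2 MISSING"; fi
  done
}
report sshd   # sshd auth: pam_tally2 MISSING / sshd account: pam_tally2 MISSING
```

The same check run with PAMDIR=/etc/pam.d shows, for any service, which file pam_tally2 must live in for that service's logins to be tallied.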