I'm trying to set up a RHEL6 server for sftp access only. So far it
works very well, but I can't seem to get pam_tally2 set up to lock user
accounts after so many unsuccessful login attempts.
As far as I could find out, it should work if I add the following lines
Last line in the auth section:
auth required pam_tally2.so deny=3 onerr=fail
Last line in the account section:
account required pam_tally2.so
According to the pam_tally2 man page this should log failed attempts in
/var/log/tallylog, but when I deliberately log in with nonsense
usernames/password, I get absolutely nothing in the tallylog file.
Hence running the pam_tally2 command with no options produces no
/var/log/secure shows me entries such as:
Jan 10 15:16:26 rhel6 sshd: Failed password for test from 192.x.x.x port 4467 ssh2
Jan 10 15:16:29 rhel6 sshd: Failed password for test from 192.x.x. port 4467 ssh2
Jan 10 15:16:29 rhel6 sshd: Disconnecting: Too many authentication failures for test
Jan 10 15:16:29 rhel6 sshd: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=mc23.xxxxx.int user=test
In /etc/ssh/sshd_config I've got
I might be missing something silly here, so I'd really appreciate any
advice on getting this to work on Red Hat Enterprise Linux 6.
redhat-list mailing list
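
An added example, not part of the original post: a shell check of where pam_tally2 sits in a PAM auth stack and whether sshd is set to use PAM at all. In PAM a succeeding "sufficient" module or a failing "requisite" module ends the stack, so a pam_tally2 line placed after one is skipped on that path. The function names and both sample files are constructed for illustration; only plain control keywords are handled, and include/substack lines are not followed.

```shell
#!/usr/bin/env bash
# Added example: audit pam_tally2 placement and sshd's UsePAM setting.
# Function names and sample file contents are constructed for illustration.

# Print "missing", "ok", or "after:<control>:<module>" for the auth stack.
# "after:..." means a sufficient/requisite line precedes pam_tally2, so
# pam_tally2 is skipped whenever that earlier line ends the stack.
tally_position() {
  awk '
    $1 ~ /^#/ || NF < 3 { next }                 # comments, short lines
    $1 != "auth" && $1 != "-auth" { next }       # auth stack only
    $3 ~ /pam_tally2\.so$/ { found = 1; exit }   # jumps to END
    ($2 == "sufficient" || $2 == "requisite") && blocker == "" {
      blocker = $2 ":" $3
    }
    END {
      if (!found) print "missing"
      else if (blocker != "") print "after:" blocker
      else print "ok"
    }' "$1"
}

# Succeed only if the file sets "UsePAM yes" (whitespace-separated form).
# sshd keeps the first value it reads for a keyword, so stop at the first hit.
usepam_enabled() {
  awk 'tolower($1) == "usepam" { v = tolower($2); exit }
       END { exit (v == "yes" ? 0 : 1) }' "$1"
}

# Constructed sample: pam_tally2 as the last auth line, as in the post.
demo=$(mktemp -d)
printf '%s\n' \
  'auth required pam_env.so' \
  'auth sufficient pam_unix.so nullok try_first_pass' \
  'auth required pam_deny.so' \
  'auth required pam_tally2.so deny=3 onerr=fail' \
  'account required pam_unix.so' \
  'account required pam_tally2.so' > "$demo/last"
# Constructed sample: pam_tally2 ahead of the password check.
printf '%s\n' \
  'auth required pam_tally2.so deny=3 onerr=fail' \
  'auth sufficient pam_unix.so nullok try_first_pass' \
  'auth required pam_deny.so' > "$demo/top"
printf '%s\n' '#UsePAM no' 'UsePAM yes' > "$demo/sshd_config"

echo "last: $(tally_position "$demo/last")"
echo "top:  $(tally_position "$demo/top")"
usepam_enabled "$demo/sshd_config" && echo "sshd: UsePAM yes"
```

On a real host the arguments would be the service file under /etc/pam.d and /etc/ssh/sshd_config; pam_tally2 also keeps no count for usernames that do not exist on the system.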