I'm trying to set up a RHEL6 server for sftp access only. So far it works very well, but I can't seem to get pam_tally2 set up to lock user accounts after so many unsuccessful login attempts.

As far as I could find out, it should work if I add the following lines to /etc/pam.d/system-auth:

Last line in the auth section:

    auth required pam_tally2.so deny=3 onerr=fail

Last line in the account section:

    account required pam_tally2.so

According to the pam_tally2 man page this should log failed attempts in /var/log/tallylog, but when I deliberately log in with nonsense usernames/passwords, I get absolutely nothing in the tallylog file. Hence running the pam_tally2 command with no options produces no results.

/var/log/secure shows me entries such as:

    Jan 10 15:16:26 rhel6 sshd[1918]: Failed password for test from 192.x.x.x port 4467 ssh2
    Jan 10 15:16:29 rhel6 sshd[1918]: Failed password for test from 192.x.x. port 4467 ssh2
    Jan 10 15:16:29 rhel6 sshd[1919]: Disconnecting: Too many authentication failures for test
    Jan 10 15:16:29 rhel6 sshd[1918]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=mc23.xxxxx.int user=test

In /etc/ssh/sshd_config I've got:

    UsePAM yes
    PasswordAuthentication yes
    ChallengeResponseAuthentication no

I might be missing something silly here, so I'd really appreciate any advice on getting this to work on Red Hat Enterprise Linux 6.

Thanks.

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
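A diagnostic added here, not part of the original post: sshd authenticates through its own PAM service file (/etc/pam.d/sshd), so a pam_tally2 line in system-auth only runs if that file's include chain reaches it. The sketch below flattens a service's auth stack and reports whether pam_tally2 is present and whether it sits behind a `sufficient` module; the file contents are constructed samples and the function names are hypothetical.

```python
import re

# Constructed sample files (assumption: not the poster's real /etc/pam.d contents).
SAMPLE = {
    "sshd": "auth required pam_sepermit.so\n"
            "auth include password-auth\n"
            "account include password-auth\n",
    "password-auth": "auth required pam_env.so\n"
                     "auth sufficient pam_unix.so nullok try_first_pass\n"
                     "auth required pam_deny.so\n"
                     "account required pam_unix.so\n",
    "system-auth": "auth required pam_env.so\n"
                   "auth sufficient pam_unix.so nullok try_first_pass\n"
                   "auth required pam_deny.so\n"
                   "auth required pam_tally2.so deny=3 onerr=fail\n"
                   "account required pam_unix.so\n"
                   "account required pam_tally2.so\n",
}

# Fields: type, control (keyword or [bracketed list]), module or included file.
LINE = re.compile(r"^-?(\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)")

def resolve(service, mgmt, files, seen=()):
    """Flatten one management group of a PAM service, following include and
    substack lines. Returns a list of (control, module, source_file)."""
    if service in seen or service not in files:   # stop on cycles / missing files
        return []
    out = []
    for raw in files[service].splitlines():
        m = LINE.match(raw.split("#", 1)[0].strip())
        if not m or m.group(1) != mgmt:
            continue
        control, target = m.group(2), m.group(3)
        if control in ("include", "substack"):
            out += resolve(target, mgmt, files, seen + (service,))
        else:
            out.append((control, target.rsplit("/", 1)[-1], service))
    return out

def audit_tally(service, files):
    """'absent': pam_tally2 never runs for this service.
    'after-sufficient': an earlier sufficient module can end the stack first.
    'ok': pam_tally2 runs before any sufficient module."""
    stack = resolve(service, "auth", files)
    mods = [mod for _, mod, _ in stack]
    if "pam_tally2.so" not in mods:
        return "absent"
    before = stack[:mods.index("pam_tally2.so")]
    return "after-sufficient" if any(c == "sufficient" for c, _, _ in before) else "ok"
```

To check a real host, build the dictionary from the files in /etc/pam.d (file name as key, contents as value) and call `audit_tally("sshd", files)`.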