Paul - thanks very much for your reply.

My understanding was that it should go into the /etc/pam.d/system-auth file, but I've tried it in the /etc/pam.d/sshd file and it seems to work in terms of logging failed logon attempts in /var/log/tallylog, e.g.

    Login           Failures Latest failure
    test                6    01/11/11 12:04:23

However, the account does not get locked out after the specified 3 number of logon attempts mentioned on the following line:

    auth required pam_tally2.so deny=3 onerr=fail

The pam_tally2 man page mentions:

    deny=n
        Deny access if tally for this user exceeds n.

Anyone have any idea why the account doesn't get locked?

Regards,

Johan

-----Original Message-----
From: redhat-list-bounces@xxxxxxxxxx [mailto:redhat-list-bounces@xxxxxxxxxx] On Behalf Of Mr. Paul M. Whitney
Sent: 10 January 2011 17:50
To: General Red Hat Linux discussion list
Subject: Re: RHEL6 pam_tally2 lockouts

Have you tried putting the entries in /etc/pam.d/ssh instead of system-auth?

Paul W.

On Jan 10, 2011, at 10:40, Johan Booysen <johan@xxxxxxxxxxxxxxxxxxxxx> wrote:

> I'm trying to set up a RHEL6 server for sftp access only. So far it
> works very well, but I can't seem to get pam_tally2 set up to lock user
> accounts after so many unsuccessful login attempts.
>
> As far as I could find out, it should work if I add the following lines
> to /etc/pam.d/system-auth:
>
> Last line in the auth section:
>
> auth required pam_tally2.so deny=3 onerr=fail
>
> Last line in the account section:
>
> account required pam_tally2.so
>
> According to the pam_tally2 man page this should log failed attempts in
> /var/log/tallylog, but when I deliberately log in with nonsense
> usernames/password, I get absolutely nothing in the tallylog file.
> Hence running the pam_tally2 command with no options produces no
> results.
>
> /var/log/secure shows me entries such as:
>
> Jan 10 15:16:26 rhel6 sshd[1918]: Failed password for test from 192.x.x.x port 4467 ssh2
> Jan 10 15:16:29 rhel6 sshd[1918]: Failed password for test from 192.x.x. port 4467 ssh2
> Jan 10 15:16:29 rhel6 sshd[1919]: Disconnecting: Too many authentication failures for test
> Jan 10 15:16:29 rhel6 sshd[1918]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=mc23.xxxxx.int user=test
>
> In /etc/ssh/sshd_config I've got
>
> UsePAM yes
> PasswordAuthentication yes
> ChallengeResponseAuthentication no
>
> I might be missing something silly here, so I'd really appreciate any
> advice on getting this to work on Red Hat Enterprise Linux 6.
>
> Thanks.
>
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list