
Solution: Failed ssh logins with valid user account and password

By Roddy Rodstein 09/08/2016
This post is applicable to Enterprise Linux 5 and 6, and Oracle VM 3.x.
 
Challenge: Valid local user accounts are unable to log in via ssh. Resetting the account password or unlocking the account with the "passwd -u username" command still does not allow the user to log in via ssh.

Solution: The pam_tally2 PAM (Pluggable Authentication Modules) module maintains a count of attempted accesses, which is incremented on each consecutive failed connection and reset on a successful connection, provided the count has not exceeded the deny value. Once the number of consecutive failed attempts exceeds the deny value (in this case 5), access is denied on every subsequent attempt, even if the correct password is used.

By default, the failed login counts are saved in /var/log/tallylog.

To reset the failed login count, run the following command as root:
pam_tally2 -u username -r

To see a user's number of failed login attempts, use the following command:
pam_tally2 -u username

To see which options you can use with pam_tally2.so, read the README at the path below:
cat /usr/share/doc/pam-1.1.1/txts/README.pam_tally2
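
To find every account that is over the deny value described above, rather than checking one user at a time, the following added example (not part of the original post) reads the deny value from a PAM stack and filters a pam_tally2 listing against it. The sample PAM lines and listing are constructed, the listing layout is assumed to match pam_tally2's output, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: list accounts whose pam_tally2 count exceeds the deny value.
# Sample data below is constructed; the column layout is assumed to match
# the "Login Failures Latest failure From" listing printed by pam_tally2.

# Print the deny=N value from the first active pam_tally2.so line on stdin.
deny_from_pam() {
    awk '!/^[ \t]*#/ && /pam_tally2\.so/ {
             for (i = 1; i <= NF; i++)
                 if ($i ~ /^deny=[0-9]+$/) { sub(/^deny=/, "", $i); print $i; exit }
         }'
}

# Print "user failures" for each listing row on stdin whose count exceeds $1.
locked_users() {
    awk -v deny="$1" 'NR > 1 && $2 ~ /^[0-9]+$/ && $2 + 0 > deny + 0 { print $1, $2 }'
}

# Constructed PAM stack fragment using the deny value from the post (5).
SAMPLE_PAM='# auth required pam_tally2.so deny=3
auth        required      pam_tally2.so deny=5 onerr=fail
account     required      pam_tally2.so'

# Constructed listing in the assumed pam_tally2 output layout.
SAMPLE_TALLY='Login           Failures Latest failure     From
alice               6    09/08/16 10:12:01  192.0.2.10
bob                 5    09/08/16 10:14:44  192.0.2.11
carol               2    09/08/16 10:20:03  192.0.2.12'

# Run both steps over the constructed samples; prints "alice 6".
demo() {
    deny=$(printf '%s\n' "$SAMPLE_PAM" | deny_from_pam)
    printf '%s\n' "$SAMPLE_TALLY" | locked_users "$deny"
}

# On a live host (as root) the same functions would be fed real data.
# The PAM file holding the pam_tally2.so line varies by host, so
# /etc/pam.d/sshd here is an assumption:
#   deny=$(deny_from_pam < /etc/pam.d/sshd)
#   pam_tally2 | locked_users "$deny"
demo
```

Accounts reported this way stay denied until their count is reset with the pam_tally2 reset command shown earlier.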