Showing results for 
Search instead for 
Did you mean: 

Linux user account

Go to solution

Linux user account

hi friends,

Need help in locking an Linux user account after three failed logins. The server is RHEL, and i tried the PAM settings, but doesn't seem to work with RHEL. The Linux accounts are configured to login using ssh authentication.

If somebody can help me on this, I would really appreciate it.


Honored Contributor

Re: Linux user account

Which version of RHEL? ("cat /etc/redhat-release" please)


Depending on the version, the PAM module you'll need is either or


You must add the tally module to both "auth" and "account" phases in the PAM configuration: the "auth" phase increments the user's login count and rejects the login if the count is too high, the "account" phase resets the counter when a login is successful.


The ordering of PAM configuration entries is important and non-trivial. The RedHat Knowledge Base has several articles on configuring pam_tally:


Recommended configuration with pam_tally2:


With some versions (using the older pam_tally) the count may be wrong when using SSH (my guess: an attempt to use SSH key authentication may count as one login attempt?):


When the number of failed logins causes the login to be rejected, the message in the system logs may not be obvious, as with sudo: