Hi. On Tue, 23 Feb 2016 14:52:59 -0600 Nicholas Geovanis <nickgeova...@gmail.com> wrote:
> Debian 8 jessie. > The goal is to block SSH logins with multiple incorrect password tries. > I've added these lines to my /etc/pam.d/sshd file: > > auth optional pam_echo.so Before sshd pam_tally > auth required pam_tally2.so file=/var/log/tallylog deny=3 audit > onerr=fail > auth optional pam_echo.so After sshd pam_tally > > I receive the pam_echo lines OK. But no matter what, failed passwords never > increment the pam_tally2 failure count. "UsePAM yes" is specified in > /etc/ssh/sshd_config. This must be the wrong location for pam_tally2.so but > experiments haven't helped me find the right location. Has someone a > working configuration they would share? Many thanks....Nick A typical run-of-the-mill Jessie system here. I just put your pam_tally2 configuration (I skipped pam_echo though) into /etc/pam.d/sshd *before* the '@include common-auth' line. Created /var/log/tallylog file. Tested it with 'ssh -o PreferredAuthentications=password <host>'. Everything worked as expected - i.e. PAM module filled /var/log/tallylog with own blob, and /sbin/pam_tally2 shows failed login counter increments. Reco