Your account might get locked when you enter
incorrect password a number of time while doing SSH login and that account will
get unlocked only after a certain amount of time.
If you want to unlock the account quickly then you
would require root (or sudo) access to the system. But first you have to
understand the way it works.
There is module pam_tally2 which is used to lock
user accounts after certain number of failed ssh login attempts made to the
system. This module keeps the count of attempted accesses and too many failed
attempts.
This pam_tally2 module comes in two parts, first
is pam_tally2.so and another is pam_tally2. It is used to examine and
manipulate the counter file. It can display user login attempts counts, set
counts on individual basis and unlock all user counts.
You can see if any failed login attempts by firing
following command:
$pam_tally2
The output will be as below:
If you want to check failed login attempt for any specific user then use the command as
The output will be as below:
To unlock any account there can be multiple
approaches. This article will demonstrate all those approaches.
1.
Via reset command
a.
Fire below mentioned command
$pam_tally2 --user=<userId>
--reset
2.
Via editing the config file itself
a.
Fire below mentioned command
$vi /etc/pam.d/password-auth
b.
Look for line
auth required pam_tally2.so deny=3 onerr=fail
unlock_time=1800
c.
You can modify each of the parameters mentioned in last past of the line
i.
Deny = this defines the number of wrong password attempts to lock an
account
ii.
unlock_time = this defines the amount of time for which account should
get locked. The time is in seconds
d.
After you modify parameters as per your need. Just save the file and try
to login via locked account.
Hope above mentioned steps helped you.
No comments:
Post a Comment