Locking users after X failed login attempts with pam_tally2

The pam_tally2 module allows system administrators to block accounts after a number of incorrect login attempts. This guide explains how to use it with SSH.


Using pam_tally2 on Linux Most Linux distributions use pluggable authentication modules (PAM). This modular type of configuration allows system administrators to configure and fine-tune the authentication of users. It also defines the behavior on specific events, like providing an invalid user account or password. PAM can use these events to automatically take an action, like locking an account. Introduction to PAM The configuration of PAM is not that hard, but there are risks involved in the process of making changes.