Locking users after X failed login attempts with pam_tally2

The pam_tally2 module allows system administrators to block accounts after a number of incorrect login attempts. This guide explains how to use it with SSH.


Using pam_tally2 on Linux Most Linux distributions use pluggable authentication modules (PAM). This modular type of configuration allows system administrators to configure and fine-tune the authentication of users. It also defines the behavior on specific events, like providing an invalid user account or password. PAM can use these events to automatically take an action, like locking an account. Introduction to PAM The configuration of PAM is not that hard, but there are risks involved in the process of making changes.

Unused Linux Users: Delete or Keep Them?

Got unused or unknown system accounts on your Linux system? This article explains the different strategies and actions to take and keep the system healthy.


We get often the question what one should do with unused users on Linux. Everyone who looked in the /etc/passwd file will recognize them, strange usernames. A great example is UUCP, or Unix-to-Unix Copy. Once used for communication on direct lines, now another piece of history in our password files. The Options Before we make any decision on dealing with unused Linux accounts, we should look at the most obvious choices we have.